Unix: Don't create world-writable files when safe save is enabled

[andyprice]

When the "filesystem/on_save/safe_save_on_backup_then_rename" option is enabled, files are created with 0666 permissions (-rw-rw-rw-) which is too loose. Use 0644 (-rw-r--r--) instead which is how the files would normally be created with the setting disabled and the system umask taken into account.

Note: Originally I was going to remove the fchmod() entirely and allow mkstemp() to set the permissions based on the umask but https://github.com/godotengine/godot/pull/79866#discussion_r1273040161 suggests that would break web builds. However, there should be no reason for files created by godot to ever be world-writable.

[akien-mga]

Makes sense to me. I also see another 0666 there, not sure if that's also something we need to review:

Error FileAccessUnixPipe::open_internal(const String &p_path, int p_mode_flags) {
...
                if (mkfifo(path.utf8().get_data(), 0666) != 0) {

[andyprice]

Makes sense to me. I also see another 0666 there, not sure if that's also something we need to review:

Error FileAccessUnixPipe::open_internal(const String &p_path, int p_mode_flags) {
...
                if (mkfifo(path.utf8().get_data(), 0666) != 0) {

I think this should be 0600 to make sure only the current user can read from or write to the pipe. I'm not too familiar with how pipes are used in Godot but I suspect there wouldn't be (shouldn't be) multiple users involved in communication over them.

[andyprice]

I've added a commit to limit the pipe permissions too.

[andyprice]

(Polite nudge for reviews or merge.)

[andyprice]

Are there any outstanding concerns with this PR? @bruvzg?

[Repiteo]

Thanks! Congratulations on your first contribution! 🎉