correct permissions before dropping privs

[qrkourier]

The ZET service fails to start as user "ziti" if the IPC socket dir was previously created by user "root" in a scenario where the binary was run manually before the service was started.

Possible solution: correct owner and mode as root with systemd service unit directive ExecStartPre. The directive is currently used to run a script that provides features like enrolling with tokens in the configured identity dir. (link to unit template). We could enhance that script to fix perms.