bbb-install.sh: insecure deployment of haproxy's certificate in renewal-hook

[liske]

bbb-install.sh deploys a certbot deploy hook to bunble the certs and private key into a .pem file to be used by haproxy. Sadly this sensible file is created in a insecure way:

bbb-install/bbb-install.sh

Lines 807 to 808 in 9ae77a2

	touch /etc/haproxy/certbundle.pem.new
	chmod 0640 /etc/haproxy/certbundle.pem.new

An arbitrary user can win a race condition between the touch and the chmod command. If the user succeeds to open the file before the chmod got applied he will be able to retrieve the private key.

Fix:

• replace both commands with a single umask 007

[ffdixon]

Good catch -- I've got some updates planned for bbb-install.sh based on feedback and issues. This one will go in the next round of updates.