Use umask for race-free permission setting

Without using umask there's a small time window where paths are world
readable. That is a bad idea to do for secret files (e.g. the dovecot
code path).

mail-server/systemd.nix

@@ -64,6 +64,8 @@ in
       in ''
         # Create mail directory and set permissions. See
         # <http://wiki2.dovecot.org/SharedMailboxes/Permissions>.
+        # Prevent world-readable paths, even temporarily.
+        umask 007
         mkdir -p ${directories}
         chgrp "${vmailGroupName}" ${directories}
         chmod 02770 ${directories}