
Assert restrictive permissions on the database directory [CVE-2023-1672]

This was mostly done in 11-2 but left a tiny window upon first
installation.
Christoph Biedl, 11 months ago
Commit a330336db1
1 file changed, 3 additions, 2 deletions
debian/tang-common.postinst

@@ -12,9 +12,10 @@ case "$1" in
         fi
 
         # assert db directory
-        mkdir -p "$db_dir"
-        chown _tang:_tang "$db_dir"
+        mkdir -m0750 -p "$db_dir"
+        # assert restrictive permissions upon upgrade
         chmod 0750 "$db_dir"
+        chown _tang:_tang "$db_dir"
 
         ;;
     abort-upgrade | abort-remove | abort-deconfigure) ;;
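
Review bot: in `mkdir -m0750 -p "$db_dir"` the `-m` mode applies only to the final path component; any parent directories that `-p` has to create take their mode from the current umask. Either note in the comment that the parents are expected to exist already, or set an explicit umask before the call. The added comment covers the retained `chmod 0750 "$db_dir"` for the upgrade case, but nothing records why `chown _tang:_tang "$db_dir"` was moved after it; a one-line comment on the intended ordering would keep a later cleanup from swapping the two back. Both `chmod` and `chown` are non-recursive here, so if the contents of the directory are also meant to be covered on upgrade, that needs to be handled or ruled out explicitly.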