Fix secret and config mode issue

This fix tries to address the issue raised in 36042
where secret and config are not configured with the
specified file mode.

This fix update the file mode so that it is not impacted
with umask.

Additional tests have been added.

This fix fixes 36042.

Signed-off-by: Yong Tang <yong.tang.github@outlook.com>

daemon/container_operations_unix.go

@@ -239,6 +239,9 @@ func (daemon *Daemon) setupSecretDir(c *container.Container) (setupErr error) {
 		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for secret")
 		}
+		if err := os.Chmod(fPath, s.File.Mode); err != nil {
+			return errors.Wrap(err, "error setting file mode for secret")
+		}
 	}
 
 	label.Relabel(localMountPath, c.MountLabel, false)
@@ -320,6 +323,9 @@ func (daemon *Daemon) setupConfigDir(c *container.Container) (setupErr error) {
 		if err := os.Chown(fPath, rootIDs.UID+uid, rootIDs.GID+gid); err != nil {
 			return errors.Wrap(err, "error setting ownership for config")
 		}
+		if err := os.Chmod(fPath, configRef.File.Mode); err != nil {
+			return errors.Wrap(err, "error setting file mode for config")
+		}
 
 		label.Relabel(fPath, c.MountLabel, false)
 	}