container: make hostconfig.json non-world-readable (0600)

When writing container's `hostconfig.json`, permissions were set to 0644 (world-
readable). While this is not a security concern (as the `/var/lib/docker/containers`
directory has `0700` or `0701` permissions), there is no real need to have these
permissions, as this file is only accessed by the daemon.

Looking at history for file permissions;

- 06b53e3fc7aca2b3dae32edab08c7662d3e9e7e8 (first implementation) used `0666` (world-writable)
- cf1a6c08fa03aa7020f8f5b414bb9349a9c8371a refactored the code, and removed explicit permissions
- ea3cbd3274664f5b16fce78d7df036f6b5c94e30 introduced atomic writes, and brought back the `0666` permissions
- 3ec8fed7476704f061891d4c421c615da49e30c7 removed world-writable bits, but kept world-readable

This patch updates the permissions to `0600`, matching what's used for `config.v2.json`,
which was updated in ae52cea3ab46e1e728606349fb6baa9a8203f3ed, but forgot to update
`hostconfig.json`.

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

container/container.go

@@ -244,7 +244,7 @@ func (container *Container) WriteHostConfig() (*containertypes.HostConfig, error
 		return nil, err
 	}
 
-	f, err := ioutils.NewAtomicFileWriter(pth, 0644)
+	f, err := ioutils.NewAtomicFileWriter(pth, 0600)
 	if err != nil {
 		return nil, err
 	}