ci: dct private key must not be rw by others

Author: buchdag

.github/workflows/build-publish-signed.yml

@@ -23,6 +23,7 @@ jobs:
           DCT_KEY_BASE64: ${{ secrets.DCT_KEY_BASE64 }}
         run: |
           echo "$DCT_KEY_BASE64" | base64 -d > delegation.key
+          chmod 600 delegation.key
           docker trust key load delegation.key --name gha
           rm delegation.key