Protect /etc/salt/grains

Make sure that the permissions of /etc/salt/grains only allow access for the
root user.

bootstrap.sh.tmpl

@@ -30,6 +30,7 @@ pillar_roots:
 log_file: file:///dev/log
 EOF
 
+umask 077
 cat >/etc/salt/grains <<EOF
 roles:
 # TODO: fill real roles

states/base/init.sls

@@ -11,6 +11,13 @@ base-packages:
       - git
       - locales-all
 
+/etc/salt/grains:
+  file.managed:
+    - user: root
+    - group: root
+    - mode: 0600
+    - replace: False
+
 /home/vagrant/.screenrc:
   file.managed:
     - user: vagrant