init set config.py perms to 0600, otherwise warn user if config.py is not

Since config.py contains passwords in it, it should be protected as much as
possible.  At the very least, the file permissions should be 0600 to
restrict access to user that actually edits and runs 'fdroid' commands.

fdroidserver/common.py

@@ -19,6 +19,7 @@
 
 import glob, os, sys, re
 import shutil
+import stat
 import subprocess
 import time
 import operator
@@ -43,6 +44,9 @@ def read_config(opts, config_file='config.py'):
     if not os.path.isfile(config_file):
         print "Missing config file - is this a repo directory?"
         sys.exit(2)
+    st = os.stat(config_file)
+    if st.st_mode & stat.S_IRWXG or st.st_mode & stat.S_IRWXO:
+        print("WARNING: unsafe permissions on config.py (should be 0600)!")
 
     options = opts
     if not hasattr(options, 'verbose'):

fdroidserver/init.py

@@ -109,6 +109,7 @@ def main():
         os.mkdir('repo')
         shutil.copy(os.path.join(examplesdir, 'fdroid-icon.png'), repodir)
         shutil.copyfile(os.path.join(examplesdir, 'config.sample.py'), 'config.py')
+        os.chmod('config.py', 0o0600)
     else:
         print('Looks like this is already an F-Droid repo, cowardly refusing to overwrite it...')
         sys.exit()