archinstall
[FR] Mount ESP with umask 0077
describe the request
The ESP seems to be mounted with the default umask=0022 during installation and written into fstab by genfstab. This causes a warning at boot:
systemd[1]: Starting Update Boot Loader Random Seed...
bootctl[1897]: ! Mount point '/boot' which backs the random seed file is world accessible, which is a security hole! !
bootctl[1897]: ! Random seed file '/boot/loader/random-seed' is world accessible, which is a security hole! !
bootctl[1897]: Random seed file /boot/loader/random-seed successfully refreshed (32 bytes).
It would be better to either mount ESP with umask=0077 during installation, or generate an fstab with the option (e.g. Fedora).
P.S. genfstab also clutters the mount options with default values, but that's cosmetic...
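A check for the condition this request describes, as an added example that is not part of the original issue or of archinstall: it reads an fstab and lists vfat entries whose effective file or directory mask leaves any permission bit open to "other". The function name, the sample fstab, and the assumed fallback of 0022 when no mask option is set are assumptions.

```shell
#!/bin/sh
# Added example: flag vfat mounts in an fstab whose masks leave files or
# directories accessible to "other" (the condition bootctl warns about).

# Reads fstab text on stdin; prints one line per offending vfat entry:
#   <mountpoint> fmask=<effective> dmask=<effective>
check_vfat_masks() {
    awk '
    /^[ \t]*(#|$)/ { next }                # skip comments and blank lines
    $3 != "vfat"   { next }                # only FAT filesystems take these masks
    {
        # fmask and dmask fall back to umask; with no umask option the
        # umask of the mounting process applies (assumed to be 0022 here).
        umask = "0022"; fmask = ""; dmask = ""
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) {
            if      (opt[i] ~ /^umask=/) umask = substr(opt[i], 7)
            else if (opt[i] ~ /^fmask=/) fmask = substr(opt[i], 7)
            else if (opt[i] ~ /^dmask=/) dmask = substr(opt[i], 7)
        }
        if (fmask == "") fmask = umask
        if (dmask == "") dmask = umask
        # The last octal digit covers the "other" class; only 7 masks r, w and x.
        if (substr(fmask, length(fmask)) != "7" ||
            substr(dmask, length(dmask)) != "7")
            printf "%s fmask=%s dmask=%s\n", $2, fmask, dmask
    }'
}

# Constructed sample fstab (UUIDs are placeholders, not from the issue).
SAMPLE_FSTAB='# <device>      <dir>  <type>  <options>  <dump> <pass>
UUID=AAAA-0001  /boot  vfat  rw,relatime,fmask=0022,dmask=0022,codepage=437,utf8  0 2
UUID=AAAA-0002  /efi   vfat  umask=0077  0 2
UUID=0000-ext4  /      ext4  rw,relatime  0 1
'

# Only the /boot entry is reported; /efi is already restricted to root.
printf '%s' "$SAMPLE_FSTAB" | check_vfat_masks
```

To check a real system, run `check_vfat_masks < /etc/fstab`; an empty result means every vfat entry already masks out "other".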