Option to require that the configs have secure permissions

[passcod]

Some configs will have sensitive tokens or secrets in them. In those cases I'd like to be able to either warn or enforce that config files have proper permissions, like 0600 on unix.

For prior art, see SSH, which refuses to load keys if they have improper permissions.

[passcod]

(I realise development is paused until redesign — I quite understand! — but figured I'd at least add my desires to the wishlist, as it were.)

[matthiasbeyer]

I'd love to see a PR for this!