Sane default file permissions

doas.conf(5) is not an executable format, so `a+x` makes no sense.
It contains privileged commands/information by design, so `o+r` is questionable.

Use `u=rw,g=,o=` to match OpenBSD's /etc/examples/doas.conf suggestion.

REFERENCE.md

@@ -75,7 +75,7 @@ Data type: `String`
 
 mode of $configfile
 
-Default value: `'0555'`
+Default value: `'0600'`
 
 ## Defined types
 

manifests/init.pp

@@ -25,7 +25,7 @@
   Hash   $entries    = {},
   String $owner      = 'root',
   String $group      = 'wheel',
-  String $mode       = '0555',
+  String $mode       = '0600',
 ) {
   concat { $configfile:
     owner        => $owner,

spec/classes/doas_spec.rb

@@ -11,7 +11,7 @@
         is_expected.to contain_concat('/etc/doas.conf')
           .with_owner('root')
           .with_group('wheel')
-          .with_mode('0555')
+          .with_mode('0600')
       }
       it {
         is_expected.to contain_concat__fragment('doas header')