file provisioner default mode bits insecure (and no way to change them)

[discordianfish]

This is a copy of hashicorp/packer#3862, in fact I wanted to fill this issue here but actually it applies to both packer and terraform the same

Hi,

it looks like the file provisioner makes all files world-readable. The permissions can be fixed with the shell provisioner in a next step, but this leaves the files world-readable for a brief time. Beside that, a user might expect that the provisioner keeps the permissions of the source files.

Personally I'd prefer if it would use the same permissions as the source file and support a mode attribute in the file provisioner to set a mode explicitly.

[mengesb]

This also applies to other provisioners, for example the upload provisioner in docker_container... I'm uploading replacement bash scripts and the permissions cannot be 0666

[OJFord]

It would be great to have a mode attribute at least (though I do agree keeping source's would be sane default) - since it would be useful for content where there isn't something to copy.