fix(bundler): In .deb packages, set uid=0 for all files

[olivierlemasle]

What kind of change does this PR introduce?

• Bugfix
• Feature
• Docs
• New Binding issue #___
• Code style update
• Refactor
• Build-related changes
• Other, please describe:

Does this PR introduce a breaking change?

• Yes, and the changes were approved in issue #___
• No

Checklist

• When resolving issues, they are referenced in the PR's title (e.g fix: remove a typo, closes #___, #___)
• A change file is added if any packages will require a version bump due to this PR per the instructions in the readme.
• I have added a convincing reason for adding this feature, if necessary

Other information

This solves one of the issues reported in #7074:

lintian (the Debian package linter) reported these errors:

E: tauri-app: control-file-has-bad-owner 1000/1000 != root/root (or 0/0) [md5sums]
...
E: tauri-app: wrong-file-owner-uid-or-gid 1000/1000 [usr/]
E: tauri-app: wrong-file-owner-uid-or-gid 1000/1000 [usr/bin/]
E: tauri-app: wrong-file-owner-uid-or-gid 1000/1000 [usr/bin/tauri-app]
...

The Debian package file contains two archive files (control.tar.gz and data.tar.gz) which are created with file metadata copied from the build filesystem: mode, time, uid, gid, etc.

That caused the package to use the uid of the build user (typically an unprivileged user with uid 1000) instead of the root user as required.

With this commit, the metadata are still copied, except for uid and gid, which are overridden and set to 0 (=root).

[FabianLars]

Thanks for the PR! Since we didn't merge 1.x back into dev yet (should happen once the 1.5 release calmed down a bit) i think this should target the 1.x branch instead so 1.x users get the fix faster.

[olivierlemasle]

Thanks @FabianLars, I've rebased the PR to target branch 1.x.

[FabianLars]

Thank you!

[tweidinger]

Thanks for this security relevant improvement 👍