20663: Improve permissions and ownership handling

20663: Improve permissions and ownership handling

* Set permissions of everything at creation time.
* Only change ownership for things we touch.
* Manage group ownership as well as user
  (having things owned by user:root is weird).
* Modernize style.

This is preparation for allowing administrators to configure what
resources arvados-login-sync manages.

Note this means arvados-login-sync no longer changes permissions for a
user's home directory. The administrator can do that by setting UMASK
in /etc/login.defs.

Arvados-DCO-1.1-Signed-off-by: Brett Smith <brett.smith@curii.com>