Set XDG_RUNTIME_DIR perimssions to 700

From the spec: "Its Unix access mode MUST be 0700". Some software
will check this and throw an error if it isn't. For instance, the
xdg crate returns an `Err(XdgRuntimeDirInsecure(/*...*/))` under
muvm.

Signed-off-by: Kitlith <[email protected]>

Author: kitlith

crates/muvm/src/guest/user.rs

@@ -16,7 +16,7 @@ pub fn setup_user(uid: Uid, gid: Gid) -> Result<PathBuf> {
 
     let path = tempfile::Builder::new()
         .prefix(&format!("muvm-run-{uid}-"))
-        .permissions(Permissions::from_mode(0o755))
+        .permissions(Permissions::from_mode(0o700))
         .tempdir()
         .context("Failed to create temp dir for `XDG_RUNTIME_DIR`")?
         .into_path();