The ssl-cert group which normally owns files under /etc/ssl is
created by a dependency of the apache module, but we need to create
files there before that service is started. Break the cycle by just
relying on the root group instead. Also update permission modes on
these files to reflect sensible systems administration practices
(read/write by root, readable by everyone except for the key file
which is inaccessible for others).
Change-Id: Ia76a344e5b4d3d7acdf0980ed7f951f8d5199052
1d78addd24