cleanup: address golangci 'gosec' issues

The golangci 'gosec' linter complains about permissions that could be
more secure. These have been modified or annotated on.

Signed-off-by: Niels de Vos <ndevos@ibm.com>

internal/cephfs/nodeserver.go

@@ -432,6 +432,7 @@ func getBackingSnapshotRoot(
 
 	snapshotsBase := path.Join(stagingTargetPath, ".snap")
 
+	//nolint:gosec // intended use of a variable for the path
 	dir, err := os.Open(snapshotsBase)
 	if err != nil {
 		log.ErrorLog(ctx, "failed to open %s when searching for snapshot root: %v", snapshotsBase, err)

internal/health-checker/manager.go

@@ -115,7 +115,7 @@ func (hcm *healthCheckManager) createChecker(volumeID, path string, ct CheckerTy
 // startFileChecker initializes the fileChecker and starts it.
 func (hcm *healthCheckManager) startFileChecker(volumeID, path string, shared bool) error {
 	workdir := filepath.Join(path, ".csi")
-	err := os.Mkdir(workdir, 0o755)
+	err := os.Mkdir(workdir, 0o750)
 	if err != nil && !os.IsExist(err) {
 		return fmt.Errorf("failed to created workdir %q for health-checker: %w", workdir, err)
 	}

internal/util/pidlimit.go

@@ -120,6 +120,7 @@ func SetPIDLimit(limit int) error {
 		return err
 	}
 
+	//nolint:gosec // pidsMax is the intended file to use
 	f, err := os.Create(pidsMax)
 	if err != nil {
 		return err

tools/yamlgen/main.go

@@ -98,6 +98,7 @@ func writeArtifact(artifact deploymentArtifact) {
 	dir := path.Dir(artifact.filename)
 	_, err := os.Stat(dir)
 	if os.IsNotExist(err) {
+		//nolint:gosec // 0o750 is recommended, but the contents should be public
 		err = os.MkdirAll(dir, 0o775)
 		if err != nil {
 			panic(fmt.Sprintf("failed to create directory %q: %v", dir, err))