Problem Description:
The default permission set by bsdinstall(8) installer
when configuring full disk encrypted ZFS is too open.
Impact:
A local attacker may be able to get a copy of the geli(8)
provider’s keyfile which is located at a fixed location.