In guix-daemons run with --disable-chroot, only trusted users should be allowed access to the daemon socket, because anyone with access to the daemon socket in this situation can take control over the build user (or if there are no build users, the daemon user) by making a builder put a setuid binary in /tmp. As I would like to strongly encourage the regular running of 'make check', it would therefore be good to limit access to the test-environment daemon's socket. The attached patch does this by modifying test-env so that it ensures strict permissions on $GUIX_STATE_DIRECTORY/daemon-socket.

- reepca
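
The following is an added sketch, not the attached patch and not the project's test-env code, of how a test harness could ensure strict permissions on the socket directory before a daemon is started. The function names are hypothetical, and mode 700 owned by the invoking user is an assumption about what "strict" means here.

```shell
#!/bin/sh
# Added illustration: lock down the directory that will hold the daemon socket
# so that only the invoking user can reach the socket inside it.

# Print the octal permission bits of a path (GNU stat first, BSD stat as fallback).
mode_of() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# Print the numeric uid that owns a path.
owner_of() {
    stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# Create or tighten the socket directory. Returns non-zero if the directory
# cannot be made private, so the caller can refuse to start the daemon.
secure_socket_dir() {
    dir=$1
    # A symlink could redirect the chmod to a directory someone else chose.
    if [ -L "$dir" ]; then
        echo "refusing: $dir is a symbolic link" >&2
        return 1
    fi
    if [ ! -d "$dir" ]; then
        # Set the umask in a subshell so the directory is never created
        # with group or world access, not even briefly.
        ( umask 077 && mkdir -p "$dir" ) || return 1
    fi
    # A directory owned by another user can be reopened by that user later.
    if [ "$(owner_of "$dir")" != "$(id -u)" ]; then
        echo "refusing: $dir is not owned by uid $(id -u)" >&2
        return 1
    fi
    chmod 700 "$dir" || return 1
    # Verify the result instead of trusting that chmod took effect.
    [ "$(mode_of "$dir")" = 700 ]
}

# Only act when the variable named in the message above is set.
if [ -n "${GUIX_STATE_DIRECTORY:-}" ]; then
    secure_socket_dir "$GUIX_STATE_DIRECTORY/daemon-socket" || exit 1
fi
```

Restricting the directory rather than the socket file means the restriction is in place before the daemon creates the socket.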