builder image: use sane umask

What does this MR do?

Revert umask 0000 to umask 0002

• b712e249
• a3484ad0
• !57 (merged)
• #304 (closed)

Why was this MR needed?

Fix massive security issue, having umask=0 and checked out files world writable will make containers built by uninformed users pwnable.

• #1736 (comment 114089700)
• #1736 (comment 114109901)
• #1736 (comment 35314083)
• !440 (comment 21342043)

Are there points in the code the reviewer needs to double check?

Does this MR meet the acceptance criteria?

• Documentation created/updated
• Tests
  • Added for this feature/bug
  • All builds are passing
• Branch has no merge conflicts with master (if you do - rebase it please)

What are the relevant issue numbers?

Closes: #1736 (closed)