sympl-filesystem-security: Play nicer with composer-based setups
Composer tends to put things in public/vendor, which it expects to be executable (copmoser itself, drush, etc), and currently sympl-filesystem-security
resets these permissions.
A simple fix is to just exclude the contents of public/vendor when we also exclude public/cgi-bin