Fix permissions on ZFS root encryption key (644 -> 600).

MFC after:	3 days
X-MFC-to:	stable/10 stable/9
Security:	CVE-2015-1415
Reported by:	Pierre Kim

usr.sbin/bsdinstall/scripts/zfsboot

@@ -1128,6 +1128,9 @@ zfs_create_boot()
 			f_eval_catch $funcname dd "$DD_WITH_OPTIONS" \
 			             /dev/random "$bootpool/$zroot_key" \
 			             "bs=4096 count=1" || return $FAILURE
+			f_eval_catch $funcname "$CHMOD_MODE" \
+			             go-wrx "$bootpool/$zroot_key" ||
+			             return $FAILURE
 		else
 			# Clean up
 			f_eval_catch $funcname zfs "$ZFS_UNMOUNT" \