umask makes `portable` archives not necessarily portable

[isaacs]

When creating an archive on linux, with portable:true, in many default configurations the modes end up in the archive as 0o775 and 0o664, because the system umask is 0o0002. On many other systems, the default system umask is 0o0022, so the files end up in the archive as 0o755 and 0o644.

Portable archives should be 100% reproducible with the same file contents, even across different systems.

Options:

1. Specify a umask in tar.c(), and mask file modes against that.
2. Always copy the group permission to match the user permission for portable archives, and trust that the unpacking operation will do the right thing. (Ie, pretend that we had a umask of 0o0002 for all systems.)
3. Always make the mode for group and world match user. (Ie, pretend that we had a umask of 0 for all systems.)

2 and 3 feel insecure. It means that it'd be impossible to have a file that's got a mode like 0o740 or something.

1 feels like a good option, especially if it defaults to 0o0022, which is likely the "safest" default, but it means that unpacked archives may end up with lower perms than the user expects. (Probably better than the alternative? If they're using archives created from systems with a 0o22 umask, they have to deal with that situation anyway.)