arei / npmbox

Utility for creating (boxing) and using (unboxing) an archive of a complete (including all dependencies) npm install.
MIT License

tar preserves permissions when creating .npmbox files #10

Closed arei closed 9 years ago

arei commented 10 years ago

By default, tar files have their file permissions (permissions, owner, group, etc.) preserved inside the tar file. In most npmunbox operations, these are ignored and the user's umask is used instead. However, when npmunbox is run as root or as sudo, permissions are restored, which can make the .npmbox-cache folder have incorrect permissions and lead to an EACCES error.

In order to address this, we need to pass more properties into the tar command to prevent permissions being stored when creating the .npmbox file. Or we have to prevent permissions from being restored when performing the untar operation.

Unfortunately, this will involve changing our usage of tar.gz since it does not support such fidelity, or modifying tar.gz so it does.

bwacek commented 10 years ago

Just to add more information, this issue really becomes a pain when boxing packages on Windows, then trying to unbox on Linux. Windows permissions on boxing are kept at 666 (octal permissions), which prevents any subdirectories from being used in Linux. There's no way to modify the existing box files aside from repackaging them manually.

arei commented 9 years ago

npmbox 2.3.0 changed the package used for decompression to one that allows us to set the default permission for all files decompressed. This should fix this issue.
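
The following is an added illustration of the behaviour discussed in this thread; it is not part of the issue and is not npmbox's code or the decompression package it uses. It reads the mode, owner and group fields from tar headers and compares what a root extraction would restore with a normalised default; the helper names, the 022 umask and the sample entries are assumptions made up for the example.

```javascript
// Added example: helper names and sample entries are constructed, not npmbox code.
// Build a 512-byte tar header holding only the fields used here (checksum left blank).
function makeHeader(name, mode, uid, gid, typeflag) {
  const h = Buffer.alloc(512, 0);
  const oct = (n) => n.toString(8).padStart(7, '0') + '\0';
  h.write(name, 0, 100, 'ascii');
  h.write(oct(mode), 100, 8, 'ascii');
  h.write(oct(uid), 108, 8, 'ascii');
  h.write(oct(gid), 116, 8, 'ascii');
  h.write(typeflag, 156, 1, 'ascii'); // '0' = file, '5' = directory
  return h;
}

// Read the permission-related fields back out of a header block.
function parseHeader(h) {
  const oct = (off, len) =>
    parseInt(h.toString('ascii', off, off + len).replace(/[\0 ]+$/, ''), 8) || 0;
  return {
    name: h.toString('ascii', 0, 100).split('\0')[0],
    mode: oct(100, 8), uid: oct(108, 8), gid: oct(116, 8),
    isDir: h.toString('ascii', 156, 157) === '5',
  };
}

// What a root extraction restores when it honours the archive.
function preserved(e) {
  return { mode: e.mode & 0o7777, uid: e.uid, gid: e.gid };
}

// Normalised alternative: ignore stored owner, keep only the owner-execute
// bit of files, force directories traversable, then apply the umask.
function normalised(e, umask = 0o022) {
  const base = e.isDir || (e.mode & 0o100) ? 0o777 : 0o666;
  return { mode: base & ~umask, uid: null, gid: null }; // null = do not chown
}

// Constructed entries: a box made on Windows (0666 everywhere) plus a setuid file.
const sample = [
  makeHeader('node_modules/', 0o666, 0, 0, '5'),
  makeHeader('node_modules/a/index.js', 0o666, 0, 0, '0'),
  makeHeader('node_modules/.bin/cli', 0o4755, 1000, 1000, '0'),
].map(parseHeader);

for (const e of sample) {
  const p = preserved(e), n = normalised(e);
  console.log(e.name, 'stored', p.mode.toString(8), '->', n.mode.toString(8));
}
```

The directory stored as 666 has no execute bit, so it cannot be traversed when restored as-is, and the normalised plan also drops the setuid bit and stored owner that a root extraction would otherwise apply.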