Ensure launcher application files & directories have proper access control

[seejdev]

The launcher process runs as root/admin and lower privileged users should not be able to read or modify files & directories which are only used by the launcher process.

This includes:

• Configuration files
• App data
• Certificates
• Enrollment data

This does not include files which are used by launcher desktop; these should be restricted to the logged-in user.

[directionless]

This relates to https://github.com/kolide/launcher/issues/1143

• .../data should be private
• .../conf/secret isn't very secret, but should be private.
• .../conf/launcher.flags (or whatever it's called) should not be secret.

It's possible some of that should change locations or move to the registry.