Normalize permissions in custom hooks tar archives
In order to better ensure gitaly operations are not modifying repository data in read-only transactions, the read snapshot of all the involved repositories has its permissions set to readonly. This means that RPCs that are intended to generate an archive end up returning a very permission limited archive. So here we change the tar builder used for backing up custom hooks to generate an archive with read/write permissions. These permissions will be restricted by umask on extraction. Similar to how os.Create uses 0o666.
Note we could in theory use the stdlib to create this tar file, we already have a stdlib tar builder in internal/gitaly/archive, but this would require adding symlink support which we are looking to phase out anyway (WAL/transactions do not support symlinks).