Volumes created from ConfigMaps and Secrets have 777 permissions by default #30147

@Cris-GarGon

Description

Environmental Info:
Node(s) CPU architecture, OS, and Version:
Red Hat Enterprise Linux release 8.10 (Ootpa)

Cluster Configuration:
1 master, 4 workers

Describe the bug:
When a ConfigMap or a Secret is created and mounted as a volume in a Deployment, the resulting volume has 777 permissions. This can be a security issue, as it allows any system user to read and write to the volume.

Steps To Reproduce:

  1. Create a ConfigMap or a Secret in OpenShift.
  2. Mount the ConfigMap or Secret as a volume in a Deployment.
  3. Verify the permissions of the created volume.

Expected behavior:
The created volume should have more restrictive permissions, such as 644 or 600, depending on the configuration and intended use.

Actual behavior:
The created volume has 777 permissions, allowing full access to any system user.

Additional context / logs:
Example command to verify permissions:
sudo find / -perm -007 \( -type f -o -type d \) -ls

Example output:
262958 4 drwxrwxrwx 3 root root 4096 Aug 10 13:49 /var/lib/kubelet/pods/ad05694c-d570-4b8f-8a63-adb9b8e6787f/volumes/kubernetes.io~configmap/config-volume

Configuration used:

apiVersion: v1
kind: ConfigMap
metadata:
  name: app-nginx
  namespace: default
data:
  nginx.conf: |
  ...
---
apiVersion: apps/v1
kind: Deployment
metadata:
  name: app
  namespace: default
...
        volumeMounts:
            - name: config-volume
              subPath: ./nginx.conf
              mountPath: /etc/nginx/conf.d/default.conf
      volumes:
        - name: config-volume
          configMap:
            name: app-nginx
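The mitigation a reviewer would want next to this report is an explicit `defaultMode` on every ConfigMap/Secret volume plus a read-only mount; the Python below, added here and not code from the issue or from Kubernetes, lints a pod spec for volumes that rely on the kubelet's default mode and emits a hardened copy. The pod spec is a constructed dict shaped like the Deployment above (with a placeholder container image); `defaultMode`, `readOnly` and the 0644 default are the real Kubernetes API fields and behaviour.

```python
import copy

# Constructed pod spec shaped like the Deployment in the report; the elided
# container is filled in with a placeholder image.
POD_SPEC = {
    "containers": [{
        "name": "nginx", "image": "nginx:placeholder",
        "volumeMounts": [{"name": "config-volume", "subPath": "nginx.conf",
                          "mountPath": "/etc/nginx/conf.d/default.conf"}],
    }],
    "volumes": [{"name": "config-volume", "configMap": {"name": "app-nginx"}}],
}

PROJECTED = ("configMap", "secret")  # volume sources that accept defaultMode
WORLD_BITS = 0o007                    # any permission bit for "other"


def permissive_volumes(spec):
    """Names of ConfigMap/Secret volumes whose defaultMode is unset (the
    kubelet then applies 0644, world-readable) or grants any access to other.
    defaultMode only affects the projected files; the mode of the volume
    directory itself under /var/lib/kubelet/pods is chosen by the kubelet."""
    flagged = []
    for vol in spec.get("volumes", []):
        for kind in PROJECTED:
            src = vol.get(kind)
            if src is not None and (src.get("defaultMode") is None
                                    or src["defaultMode"] & WORLD_BITS):
                flagged.append(vol["name"])
    return flagged


def harden(spec, mode=0o440):
    """Deep copy of spec with an explicit defaultMode on every ConfigMap/Secret
    volume and readOnly: true on each container mount of those volumes."""
    out = copy.deepcopy(spec)
    names = set()
    for vol in out.get("volumes", []):
        for kind in PROJECTED:
            if kind in vol:
                vol[kind]["defaultMode"] = mode
                names.add(vol["name"])
    for ctr in out.get("containers", []) + out.get("initContainers", []):
        for mnt in ctr.get("volumeMounts", []):
            if mnt["name"] in names:
                mnt["readOnly"] = True
    return out


if __name__ == "__main__":
    print("relying on default mode:", permissive_volumes(POD_SPEC))
    print("after hardening:", permissive_volumes(harden(POD_SPEC)))
```

The hardened spec still leaves the volume directory's own mode to the kubelet, so the host-side `find -perm -007` check from the report remains the way to confirm what the node actually exposes.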
