Enforced root-only permissions on cloud.providers.d.

As mentioned in issue #118, provider files may contain passwords
or API keys and should be restricted. Profiles/maps are probably
OK with the defaults.

salt/cloud.sls

     - name: /etc/salt/cloud.{{ dir }}.d
     - source: {{ source }}
     - template: jinja
-    - user: root
-    - group: root
-    - dir_mode: 755
-    - file_mode: 644
     - makedirs: True
 {%- endfor %}
+
+salt-cloud-providers-permissions:
+  file.directory:
+    - name: /etc/salt/cloud.providers.d
+    - user: root
+    - group: root
+    - file_mode: 600
+    - dir_mode: 700
+    - recurse:
+      - user
+      - group
+      - mode