fix(express): generated xprv is permissioned only for owner

BREAKING-CHANGE: Generated encryptedPrivKeys.json is now only read/writeable by file owner
TICKET: WP-4201

Author: mohammadalfaiyazbitgo

modules/express/src/fetchEncryptedPrivKeys.ts

@@ -94,12 +94,20 @@ export async function fetchKeys(ids: WalletIds, token: string, accessToken?: str
 
   const data = JSON.stringify(output, null, '\t');
   const fileName = 'encryptedPrivKeys.json';
-  writeFile(fileName, data, (err) => {
-    if (err) {
-      throw err;
+  writeFile(
+    fileName,
+    data,
+    {
+      // Read & Write permissions for the file owner *only*
+      mode: 0o600,
+    },
+    (err) => {
+      if (err) {
+        throw err;
+      }
+      console.log(`Wallet IDs and encrypted private keys saved to ${fileName}`);
     }
-    console.log(`Wallet IDs and encrypted private keys saved to ${fileName}`);
-  });
+  );
 
   return Promise.resolve(output);
 }