Check that external files are world-readable
Can we implement a check that sym-linked files are world-readable with something like
"$(find "$filename" -perm -004)"
in case the cvmfs sync script cannot easily be patched? Not clear to me whether this is better done in the CI or as part of the commit script. If the latter is possible, perhaps that would be a good point to flag this up, but if people sneakily try to bypass the commit script, perhaps we should also check it in the CI?