fix: HiddenServiceDir must be chmod 700 for Tor

Tor requires HiddenServiceDir to be 700. Root can still read hostname
files inside 700 dirs, so the background onion-writer works fine.

tor-proxy/entrypoint.sh

@@ -32,8 +32,7 @@ fi
 
 mkdir -p /var/lib/tor/ssh /var/lib/tor/admin
 chown -R tor:nogroup /var/lib/tor
-chmod 700 /var/lib/tor
-chmod 755 /var/lib/tor/ssh /var/lib/tor/admin
+chmod 700 /var/lib/tor /var/lib/tor/ssh /var/lib/tor/admin
 
 cat > /etc/tor/torrc <<EOF
 # Generated by entrypoint.sh at container start