certs: assign .key.pem to group ssl-cert, to permit access by other users

certs/init.sls

@@ -94,6 +94,6 @@ c_rehash:
   file.managed:
     - contents_pillar: {{ pillar_name }}:privkey
     - user: root
-    - group: root
-    - mode: 400
+    - group: ssl-cert
+    - mode: 440
 {% endfor %}