execute: Chown credentials files and directories to service group

execute: Chown credentials files and directories to service group

For a userns root user to be able to access the credentials, both
the uid and gid of the credentials directory have to be mapped into
the userns. Currently, the credentials directory group is root, which
we obviously do not want to map in to a userns, so let's make sure
that the credentials directory and files are owned by the service
group instead, which can generally be safely mapped into the userns.

Since we use permissions mode 0600, this shouldn't cause any change
in who is able to access the credentials.

Fixes #28747