nixos/initrd-ssh: set more defensive pemissions on sshd test key

It looks like the test sshd key can never be used, because of too open
permissions. My guess is that the current test script works fine once
the user defined ssh-key has been copied into initrd.

At "nixos-install" however, the user specified host key is not present
in initrd yet and validation fails.

fixes #91486

nixos/modules/system/boot/initrd-ssh.nix

@@ -159,9 +159,14 @@ in
 
     boot.initrd.extraUtilsCommandsTest = ''
       # sshd requires a host key to check config, so we pass in the test's
+      tmpkey="$(mktemp initrd-ssh-testkey.XXXXXXXXXX)"
+      cp "${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}" "$tmpkey"
+      # keys from Nix store are world-readable, which sshd doesn't like
+      chmod 600 "$tmpkey"
       echo -n ${escapeShellArg sshdConfig} |
         $out/bin/sshd -t -f /dev/stdin \
-        -h ${../../../tests/initrd-network-ssh/ssh_host_ed25519_key}
+        -h "$tmpkey"
+      rm "$tmpkey"
     '';
 
     boot.initrd.network.postCommands = ''