Post audit: tighten access permissions for configs
Another point after @manu's audit:
I would propose considering the following:
- put a WARNING section in the config files (close to the sections where a password/key is configured) with a link to a guide on how to set it up correctly, so the administrator has at least a chance to notice it and follow the recommendation
- let the service check during startup/reload if the password or key secret is present and display/log a warning (?with link to the guide?)
- change access permissions to 0640 by default (instead of 0644); in other words, remove read rights for 'other'. Note: User/group ownership should be 'root' or the 'user' under which kea is running.
While the second would probably be tricky to implement, so we might skip it, proposals 1 and 3 are solid and we should do them.
This ticket is about updating the packages. Some might argue that similar action should be done for Kea sources (e.g. make sure that `make install` installs the sources with more restrictive permissions).
Edited by Wlodzimierz Wencel
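
A check combining the second and third proposals, as an added example that is not part of the original ticket and is not Kea code: it warns when a config file holds a `"password"` or `"secret"` value and any permission bit is set for 'other'. The function names and the sample files are assumptions constructed for the illustration; ownership (root or the kea user) is not checked here.

```shell
#!/bin/sh
# Added example (not Kea code). Sample configs below are constructed.

# True if the file sets a non-empty "password" or "secret" JSON value.
has_secret() {
    grep -Eq '"(password|secret)"[[:space:]]*:[[:space:]]*"[^"]+"' "$1"
}

# True if any read/write/execute bit is set for 'other' (e.g. 0644).
other_can_access() {
    [ -n "$(find "$1" -prune \( -perm -004 -o -perm -002 -o -perm -001 \) -print)" ]
}

# Returns 0 = fine, 1 = secret readable by 'other', 2 = file missing.
audit_config() {
    f=$1
    [ -f "$f" ] || { echo "MISSING $f"; return 2; }
    if has_secret "$f" && other_can_access "$f"; then
        echo "WARNING $f: holds a password/secret and is accessible to 'other'; use 0640"
        return 1
    fi
    echo "OK $f"
    return 0
}

# Demonstration on constructed files: 0644 with a secret, 0644 without, then 0640.
demo() {
    d=$(mktemp -d) || return 1
    printf '{ "Dhcp4": { "lease-database": { "password": "constructed" } } }\n' \
        > "$d/with-secret.conf"
    printf '{ "Dhcp4": { "valid-lifetime": 4000 } }\n' > "$d/no-secret.conf"
    chmod 0644 "$d/with-secret.conf" "$d/no-secret.conf"
    audit_config "$d/with-secret.conf" && r1=0 || r1=$?
    audit_config "$d/no-secret.conf" && r2=0 || r2=$?
    chmod 0640 "$d/with-secret.conf"
    audit_config "$d/with-secret.conf" && r3=0 || r3=$?
    rm -rf "$d"
    echo "$r1 $r2 $r3"
}

demo
```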