    some untested changes introduced due to security reasons: · 0bfd57a1
    o@immerda.ch authored
    - generally load configs only if they have correct ownership and filemask
    - don't use regex containing user controlled parts
    - drop privileges for actual chown and chmod execution...
    - ...since the script should generally only be allowed to chown files owned by
      the run_user to the sftp_user and then chmod files owned by the sftp_user
    - stringify yaml configs to prevent object injection
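An added sketch (not code from this commit or project) of the first and last points in the message: accept a config file only if its owner and mode are as expected, then parse it without object instantiation and reduce every value to a string. Ruby is an assumption, as are the names `load_trusted_config`, `stringify` and `UntrustedConfig` and the `0o022` write mask; the page does not show the script's language or its actual checks.

```ruby
require 'yaml'

# Added example; all names here are hypothetical, not the project's own.
class UntrustedConfig < StandardError; end

# Recursively reduce keys and scalar values to plain Strings, so later code
# never sees anything but String, Hash and Array.
def stringify(obj)
  case obj
  when Hash  then obj.each_with_object({}) { |(k, v), h| h[k.to_s] = stringify(v) }
  when Array then obj.map { |v| stringify(v) }
  else obj.to_s
  end
end

def load_trusted_config(path, expected_uid: Process.euid)
  # NOFOLLOW refuses a symlink at the final path component.
  File.open(path, File::RDONLY | File::NOFOLLOW) do |f|
    st = f.stat # fstat on the open handle: the checked file is the file read
    raise UntrustedConfig, "#{path}: not a regular file" unless st.file?
    unless st.uid == expected_uid
      raise UntrustedConfig, "#{path}: owner uid #{st.uid}, expected #{expected_uid}"
    end
    unless (st.mode & 0o022).zero?
      raise UntrustedConfig, "#{path}: writable by group or others"
    end
    # safe_load only builds basic types; tags such as !ruby/object are rejected.
    data = YAML.safe_load(f.read)
    raise UntrustedConfig, "#{path}: top level is not a mapping" unless data.is_a?(Hash)
    stringify(data)
  end
end
```
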