image.in, stage2: reworked TCB fixup hook

The issue at hand is that:

/etc/tcb/USER/shadow gets USER:auth ownership (OK);
/etc/tcb/USER/shadow- backup file is root:root (broken);
/etc/tcb/USER/shadow.lock file is also root:root (broken).

This is observed for all pseudousers created by package installation
process within working chroots as well as for users created by deflogin
feature; the problem is that e.g. echo USER:PASS | chpasswd will break.

Looks like the cuplrit might be fakeroot/faked.

image.in/image-scripts.d/09-tcb-fix

@@ -1,8 +0,0 @@
-#!/bin/sh -e
-# /etc/tcb/<user>/shadow* permissions can be wrong
-# if an account was created from installed package
-
-cd /etc/tcb
-for u in *; do
-	chown "$u":auth "$u"/shadow*
-done

image.in/image-scripts.d/99-tcb-fix

@@ -0,0 +1,5 @@
+#!/bin/sh -e
+# drop intermediate files not needed in the image
+# which receive broken permissions in fakeroot environment
+
+rm -f /etc/tcb/*/shadow{-,.lock}

sub.in/stage2/image-scripts.d/99-tcb-fix

@@ -0,0 +1,5 @@
+#!/bin/sh -e
+# drop intermediate files not needed in the image
+# which receive broken permissions in fakeroot environment
+
+rm -f /etc/tcb/*/shadow{-,.lock}