fix: update cos-tool permissions to adhere to cis hardening rules (#485)

* fix: update cos-tool permissions to adhere to cis hardening rules

* fix static-lib

* fix cos-tool permissions for this charm as well

* remove chmod from library

* fix unit tests

charmcraft.yaml

@@ -26,4 +26,4 @@ parts:
       - curl
     override-pull: |
       curl -L -O https://github.com/canonical/cos-tool/releases/latest/download/cos-tool-${CRAFT_TARGET_ARCH}
-      chmod +x cos-tool-*
+      chmod 775 cos-tool-*

lib/charms/loki_k8s/v0/loki_push_api.py

@@ -485,7 +485,7 @@ def _alert_rules_error(self, event):
 
 # Increment this PATCH version before using `charmcraft publish-lib` or reset
 # to 0 if you are raising the major API version
-LIBPATCH = 30
+LIBPATCH = 32
 
 PYDEPS = ["cosl"]
 
@@ -1975,7 +1975,9 @@ def _add_pebble_layer(self, workload_binary_path: str) -> None:
             },
         }
         self._container.add_layer(
-            self._container_name, pebble_layer, combine=True  # pyright: ignore
+            self._container_name,
+            pebble_layer,  # pyright: ignore
+            combine=True,  # pyright: ignore
         )
 
     def _create_directories(self) -> None:
@@ -2495,12 +2497,9 @@ def _get_tool_path(self) -> Optional[Path]:
         arch = "amd64" if arch == "x86_64" else arch
         res = "cos-tool-{}".format(arch)
         try:
-            path = Path(res).resolve()
-            path.chmod(0o777)
+            path = Path(res).resolve(strict=True)
             return path
-        except NotImplementedError:
-            logger.debug("System lacks support for chmod")
-        except FileNotFoundError:
+        except (FileNotFoundError, OSError):
             logger.debug('Could not locate cos-tool at: "{}"'.format(res))
         return None