nextflow auth login command has incorrect default permissions
nextflow auth login persists Seqera Platform OIDC tokens to ${NXF_HOME:-~/.nextflow}/seqera-auth.config. The file is created via Java NIO without specifying file permissions, so under the default umask 022 it lands at mode 0644 (world-readable). On a multi-user POSIX host — typically an HPC login node, shared workstation, or jump host — any local user able to traverse the victim's home directory can read the file and obtain a valid Platform bearer …