There are some cases where the file permissions should be more or less restrictive than the certmonger defaults. The role should provide a mode parameter for this. See https://github.com/linux-system-roles/certificate/issues/133#issuecomment-1475281537
Upstream PR: https://github.com/linux-system-roles/certificate/pull/175