roles/freeradius: Set dhparam permissions

The `dhparam` file used by FreeRadius needs to be readable by the
*radiusd* group.

roles/freeradius/tasks/main.yml

@@ -70,6 +70,12 @@
   command:
     openssl dhparam -out /etc/raddb/certs/dhparam {{ radiusd_dhparm_size }}
     creates=/etc/raddb/certs/dhparam
+- name: ensure dh parameters file permissions are correct
+  file:
+    path=/etc/raddb/certs/dhparam
+    mode=0640
+    owner=root
+    group=radiusd
 - name: ensure example certificates are removed
   command:
     rm -vf