vmspawn: do not preserve access permissions and xattrs of template OVMF vars

vmspawn: do not preserve access permissions and xattrs of template OVMF vars

This makes vmspawn work when /usr/share/qemu/edk2-i386-vars.fd is on
disk with 0444 permissions as is the case on NixOS.

The nix package manager does not store any access permissions, ownership,
timestamps, or extended attributes in its package format to increase
reproducibility. The only meta-data that is stored is the executable bit.

Thus when unpacking a nix package, the executable bit is preserved, but no other
access permissions are preserved and all files in /nix/store end up as
read-only.

This causes the template OVMF vars file to have 0444 permissions. If we preserve
those permissions when copying the template file to /tmp that means QEMU can not
write to the file and fails.

So lets not preserve permissions and keep the 0600 permissions that are set by
default.

(cherry picked from commit 96e481bfbd6c52aabc72116f7ff479f11baeead1)