MDEV-30904 "rpm --setugids" breaks PAM authentication

Set auto_pam_tool_dir and auth_pam_tool ownership in RPM specs,
not in POSTINST hook script, so that they are properly restored
when running "rpm --setugids" instead of wrongly changing
auth_pam_tool_dir ownershipt from "mysql" to "root"

plugin/auth_pam/CMakeLists.txt

@@ -43,8 +43,8 @@ IF(HAVE_PAM_APPL_H AND HAVE_GETGROUPLIST)
     MYSQL_ADD_EXECUTABLE(auth_pam_tool auth_pam_tool.c DESTINATION ${INSTALL_PLUGINDIR}/auth_pam_tool_dir COMPONENT Server)
     TARGET_LINK_LIBRARIES(auth_pam_tool pam)
     SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST}
-        "%attr(700,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
-        "%attr(4755,-,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
+        "%attr(700,${MYSQLD_USER},-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir"
+        "%attr(4755,root,-) ${INSTALL_PLUGINDIRABS}/auth_pam_tool_dir/auth_pam_tool")
     SET(CPACK_RPM_server_USER_FILELIST ${CPACK_RPM_server_USER_FILELIST} PARENT_SCOPE)
   ENDIF()
   IF(TARGET auth_pam OR TARGET auth_pam_v1)

support-files/rpm/server-postin.sh

@@ -69,9 +69,6 @@ if [ $1 = 1 ] ; then
   chmod -R og-rw $datadir/mysql
 fi
 
-# Set the correct filesystem ownership for the PAM v2 plugin
-chown %{mysqld_user} /usr/lib*/mysql/plugin/auth_pam_tool_dir
-
 # install SELinux files - but don't override existing ones
 SETARGETDIR=/etc/selinux/targeted/src/policy
 SEDOMPROG=$SETARGETDIR/domains/program