Enable Compatibility with Windows (#2333)

## Issue Addressed

Windows incompatibility.

## Proposed Changes

On windows, lighthouse needs to default to STDIN as tty doesn't exist. Also Windows uses ACLs for file permissions. So to mirror chmod 600, we will remove every entry in a file's ACL and add only a single SID that is an alias for the file owner.

Beyond that, there were several changes made to different unit tests because windows has slightly different error messages as well as frustrating nuances around killing a process :/

## Additional Info

Tested on my Windows VM and it appears to work, also compiled & tested on Linux with these changes. Permissions look correct on both platforms now. Just waiting for my validator to activate on Prater so I can test running full validator client on windows.

Co-authored-by: ethDreamer <37123614+ethDreamer@users.noreply.github.com>
Co-authored-by: Michael Sproul <micsproul@gmail.com>

remote_signer/backend/src/lib.rs

@@ -163,7 +163,14 @@ pub mod backend_new {
 
     #[test]
     fn given_path_is_not_a_dir() {
-        let matches = set_matches(vec!["this_test", "--storage-raw-dir", "/dev/null"]);
+        let matches = set_matches(vec![
+            "this_test",
+            "--storage-raw-dir",
+            match cfg!(windows) {
+                true => "C:\\Windows\\system.ini",
+                false => "/dev/null",
+            },
+        ]);
 
         assert_backend_new_error(&matches, "Storage Raw Dir: Path is not a directory.");
     }
@@ -171,7 +178,7 @@ pub mod backend_new {
     #[test]
     fn given_inaccessible() {
         let tmp_dir = tempdir().unwrap();
-        set_permissions(tmp_dir.path(), 0o40311);
+        restrict_permissions(tmp_dir.path());
 
         let matches = set_matches(vec![
             "this_test",
@@ -184,7 +191,7 @@ pub mod backend_new {
         // A `d-wx--x--x` directory is innaccesible but not unwrittable.
         // By switching back to `drwxr-xr-x` we can get rid of the
         // temporal directory once we leave this scope.
-        set_permissions(tmp_dir.path(), 0o40755);
+        unrestrict_permissions(tmp_dir.path());
 
         match result {
             Ok(_) => panic!("This invocation to Backend::new() should return error"),
@@ -263,16 +270,16 @@ pub mod backend_raw_dir_sign_message {
     fn storage_error() {
         let (backend, tmp_dir) = new_backend_for_signing();
 
-        set_permissions(tmp_dir.path(), 0o40311);
-        set_permissions(&tmp_dir.path().join(PUBLIC_KEY_1), 0o40311);
+        restrict_permissions(tmp_dir.path());
+        restrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));
 
         let result = backend.sign_message(
             PUBLIC_KEY_1,
             Hash256::from_slice(&hex::decode(SIGNING_ROOT).unwrap()),
         );
 
-        set_permissions(tmp_dir.path(), 0o40755);
-        set_permissions(&tmp_dir.path().join(PUBLIC_KEY_1), 0o40755);
+        unrestrict_permissions(tmp_dir.path());
+        unrestrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));
 
         assert_eq!(
             result.unwrap_err().to_string(),

remote_signer/backend/src/storage_raw_dir.rs

@@ -83,12 +83,12 @@ mod get_keys {
         add_key_files(&tmp_dir);
 
         // All good and fancy, let's make the dir innacessible now.
-        set_permissions(tmp_dir.path(), 0o40311);
+        restrict_permissions(tmp_dir.path());
 
         let result = storage.get_keys();
 
         // Give permissions back, we want the tempdir to be deleted.
-        set_permissions(tmp_dir.path(), 0o40755);
+        unrestrict_permissions(tmp_dir.path());
 
         assert_eq!(
             result.unwrap_err().to_string(),
@@ -141,13 +141,13 @@ mod get_secret_key {
         let (storage, tmp_dir) = new_storage_with_tmp_dir();
         add_key_files(&tmp_dir);
 
-        set_permissions(tmp_dir.path(), 0o40311);
-        set_permissions(&tmp_dir.path().join(PUBLIC_KEY_1), 0o40311);
+        restrict_permissions(tmp_dir.path());
+        restrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));
 
         let result = storage.get_secret_key(PUBLIC_KEY_1);
 
-        set_permissions(tmp_dir.path(), 0o40755);
-        set_permissions(&tmp_dir.path().join(PUBLIC_KEY_1), 0o40755);
+        unrestrict_permissions(tmp_dir.path());
+        unrestrict_permissions(&tmp_dir.path().join(PUBLIC_KEY_1));
 
         assert_eq!(
             result.unwrap_err().to_string(),