copr-be: avoid rsync_opts (not idempotent)

roles/copr/backend/tasks/resalloc.yml

@@ -117,13 +117,24 @@
   synchronize:
     src: "resalloc_provision/"
     dest: "/var/lib/resallocserver/resalloc_provision/"
-    rsync_opts:
-      - "--chown=resalloc:resalloc"
-      - "--chmod=D700,F600"
-      - "--chmod=a+X"
   tags:
   - provision_config
 
+- name: Resalloc, perms for provisioning files, D700, F600, Preserve Executable
+  ansible.builtin.file:
+    path: "/var/lib/resallocserver/resalloc_provision/"
+    owner: resalloc
+    group: resalloc
+    # The mode 'u=rwX,g=,o=' achieves the required complex permissions:
+    # - u=rw: Base 600 permissions for owner.
+    # - X: Adds executable bit only if path is a directory (700) or was already executable (700).
+    # - g=,o=: Explicitly removes permissions from group and others (resulting in D700/F600).
+    mode: 'u=rwX,g=,o='
+    state: directory
+    recurse: yes
+  tags:
+    - provision_config
+
 - name: Resalloc, scripts
   ansible.builtin.template: src="resalloc/{{ item }}.j2" dest="/var/lib/resallocserver/resalloc_provision/{{ item }}"
             mode=755