upload-artifact does not retain artifact permissions

[kcgen]

The baseline behavior of the zip utilty on Linux and macOS is to retain permissions.

However, when the upload-artifact action zips a directory, it loses permissions, which subsequently breaks the artifacts for users and downstream tools.

Expected behavior: the permissions applied to assets in prior steps should be retained by the upload-artifact zipper, and should be present in the resulting asset zip file.

[kcgen]

Adding this issue to the download-artifact action, as that's where the zipping is currently performed in the v1 API. actions/download-artifact#14.
Will leave this open in both repos open until it's solved (however github wants to manage this in their backend for v2).

[nhooyr]

Can confirm that with unzip -Z on the resulting .zip, there are no executable permissions on files that should have executable perms.