/etc/sasl-xoauth2.conf is world-readable, probably should not be, as it contains a line for a secret

sasl-xoauth2-tool: avoid leaking a secret on the command line via --client-secret

help integrating more smoothly with Postfix
