make output bit-wise same the same as git archive

[JanZerebecki]

@kpcyrd mentioned in #reproducible-builds on 2014-07-25 that it seems that in the tar.gz we generate we do not sort the files the same way as git archive and github tar downloads and tar --sort=name . (Github downloads usually match git -c tar.tar.gz.command="gzip -cn" archive --prefix="$NAME-$VERSION/" -o archive.tar.gz "$TAG".)

We sort at https://github.com/openSUSE/obs-service-tar_scm/blob/master/TarSCM/archive.py#L234

Also permission mode is 0o755 vs 0o775.

Example:
diff https://whatsrc.org/diff/sha256:0edf2381dfe48feaf65c117fa51e5c9231ad8d659d102d14a3481e9b2af42b36/sha256:2e5fca25b4d4ee6c6a9556795cf958537cf3401d51268fec86b3c0af1be945f5
that compares https://github.com/google/osv-scanner/archive/v1.8.2/osv-scanner-1.8.2.tar.gz
with buildtime generated tar from .src.rpm from https://build.opensuse.org/package/show/openSUSE:Factory/osv-scanner

[JanZerebecki]

Maybe: sorted(['foo/', 'foo.go'], key=lambda x: x.removesuffix('/'))
Also maybe needs to be in locale en_US.UTF-8