arm tells users to "sudo -u debian-tor arm", which lets arm read tor's keys

in config/strings.cfg:

msg.setup.arm_is_running_as_root Arm is currently running with root permissions. This isn't a good idea, nor should it be necessary. Try starting arm with "sudo -u {tor_user} arm" instead.

Telling the user to run arm as the tor user exposes all of /var/lib/tor/ to arm, which is probably more than needed and likely more than expected.

At least on debian, the right answer is "sudo adduser $USER debian-tor" and then run arm as the normal user (after logout/login as needed). See #10700 (moved) for where this topic came up.