It seems the permissions on the symlink don't matter. The problem is that the file linked to in the store is readable by everyone (which I am ok with because it's just public keys).
There is a solution with guix system by configuring openssh directly (see openssh-configuration -> authorized-keys), but there really should be a way to do this with guix home. (anyone that can call guix home for my user can see/modify my authorized_keys anyway) Maybe this bug should be renamed to something like "guix home cannot configure authorized_keys"?
