Say you’ve got a fairly-restrictive default umask of 027 which prevents other users from reading files which they really should be able to read (for instance, the keyrings used by apt).
You can use setfacl to relax that for a given directory (or directories) so that newly-created files will be world-readable:
# recursively change the default permissions to 755
setfacl --recursive --default --modify u::rwx,g::r-x,o::r-x \
/etc/apt/keyrings/ /usr/share/keyrings/