I finally migrated my home configuration to guix home. However, it seems guix home creates all symlinks with 777 permissions. This causes problems with openssh as it will not recognize my ~/.ssh/authorized_keys. It seems the directories have reasonable permissions (maybe because they already existed?), but it seems like someone could in theory edit the symlinks in-place (though I wasn't able to figure that out).
I formulated based on the example in Section 11.1 of the devel user manual. You should be able to recreate the problem with (replacing <your ssh public key here>):
(home-environment
(services
(list
(simple-service
'my-home-files-service
home-files-service-type
(list
`("ssh/authorized_keys"
,(plain-file
"home-authorized-keys"
"<your ssh public key here>")))))))