It's not clear why anyone other than the superuser needs to be able to descend into /run/knot-resolver, so we should drop this extra permission.
It appears to have been added in e0f33604, but the log message for that commit doesn't explain why the permission needs to be loosened.
The main situation that calls for executable but not readable directories is when a directory contains something at a known location that everyone must be able to reach, but also contains some sensitive file with a name that itself is unguessable (i.e. a high-entropy string). That doesn't appear to be the case here.
By the principle of least privilege, we should leave it locked down unless there's a clear justification for opening it up.
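
An added example, not part of the original commit message: a Python audit that classifies what users outside the owner and group can do with each directory in a tree, flagging the execute-without-read ("traverse-only") case discussed above. The demo directory names and modes are constructed for illustration and are not taken from the project.

```python
import os
import stat
import tempfile


def other_access(mode):
    """Classify what users outside the owner and group can do with a directory."""
    can_list = bool(mode & stat.S_IROTH)      # r: read the names inside
    can_traverse = bool(mode & stat.S_IXOTH)  # x: descend / resolve a known name
    if can_list and can_traverse:
        return "list+traverse"
    if can_traverse:
        return "traverse-only"  # known paths reachable, names cannot be enumerated
    if can_list:
        return "list-only"      # names visible, entries cannot be opened
    return "none"


def audit(root):
    """Map each directory at or below root that grants 'other' any access to its class."""
    findings = {}

    def check(path):
        st = os.lstat(path)  # lstat: do not follow symlinks out of the tree
        if stat.S_ISDIR(st.st_mode):
            access = other_access(st.st_mode)
            if access != "none":
                findings[path] = access

    check(root)
    for dirpath, dirnames, _files in os.walk(root):
        for name in dirnames:
            check(os.path.join(dirpath, name))
    return findings


def build_demo():
    """Constructed sample tree; names and modes are illustrative only."""
    root = tempfile.mkdtemp()  # created 0700
    for name, mode in (("locked", 0o750), ("traverse", 0o751), ("open", 0o755)):
        path = os.path.join(root, name)
        os.mkdir(path)
        os.chmod(path, mode)  # chmod explicitly; mkdir's mode is masked by umask
    return root


if __name__ == "__main__":
    for path, access in sorted(audit(build_demo()).items()):
        print(f"{access:14} {path}")
```

Pointing `audit()` at a runtime directory tree lists every directory that grants access beyond owner and group, so each one can be checked against a stated justification.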