blobl/fileblob: Add a custom createTemp function that uses consistent file permissions.

[calebbrown]

A take at trying to make the file permissions consistent between directories, blob files and attribute files.

Rather than using a syscall to grab the umask, we replace os.CreateTemp/ioutil.TempFile with our own version that uses the permissions we desire.

Differences with os.CreateTemp:

• Uses time.UnixNano() instead of fastrand()
• Stores the temporary file "in-place" while it is being written

This has the following implications:

• After the year 2262 the behaviour is undefined (as per time.UnixNano())
• It is possible for the file to already exist - this has a low likelihood, as the int64 is serialized as a hex value in the filename

Fixes #3165

[codecov]

Codecov Report

Merging #3166 (afc114a) into master (2c69298) will increase coverage by 0.00%.
The diff coverage is 63.63%.

@@           Coverage Diff           @@
##           master    #3166   +/-   ##
=======================================
  Coverage   72.78%   72.79%           
=======================================
  Files         113      113           
  Lines       14388    14398   +10     
=======================================
+ Hits        10473    10481    +8     
- Misses       3189     3191    +2     
  Partials      726      726           

Impacted Files	Coverage Δ
blob/fileblob/fileblob.go	81.97% <63.63%> (-0.50%)	⬇️
runtimevar/awssecretsmanager/awssecretsmanager.go	83.00% <0.00%> (+0.97%)	⬆️

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.