Use systemd-tmpfiles to create the private tmp mount namespace root
dir (/tmp/snap-private-tmp) on boot as owned by root with restrictive
permissions. We can use this as a known location to then create per-snap
private tmp mount namespace dirs (/tmp/snap-private-tmp/snap.$SNAP_INSTANCE)
etc.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

To avoid unprivileged users being able to interfere with the creation of the
private snap mount namespace, instead of creating this as /tmp/snap.$SNAP_NAME/
we can now use the systemd-tmpfiles configuration to do this for us
at boot with a known fixed name (/tmp/snap-private-tmp/) and then use that as
the base dir for creating per-snap private tmp mount
namespaces (eg. /tmp/snap-private-tmp/snap.$SNAP_INSTANCE/tmp) etc.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

The output format of ls could vary depending on the local systems locale etc whereas
the output of stat is fixed so use this instead to check file owner /
permissions.

Signed-off-by: Alex Murray <alex.murray@canonical.com>

This should ensure that any older versions of snapd that are vulnerable to this
new CVE-2022-3328 are uninstalled on upgrade to the fixed version.

Signed-off-by: Alex Murray <alex.murray@canonical.com>