Fix keyring file missing after Vault restart

[shujun10086]

Fix keyring file missing after Vault restart

Vault can be killed by signal SIGTERM in anytime. If Vault is
updating keyring file and there is no byte writen into the fd
at that time,  then the size of the keyring file will be zero. 
Because the file is opened with os.O_TRUNC, and the fd will be closed
automatically after Vault exits.
Then try to unseal Vault after it startup again, the keyring file will
be deleted in getInternal function due to its size is zero. So that is
why the keyring file is missing. And the Vault cannot be unsealed
anymore due to the file missing.
Write data into a temp file then move it instead of target file directly
can avoid the issue.

Fix:#15680

[hashicorp-cla]

All committers have signed the CLA.

[shujun10086]

How to add maintainer ?

[raskchanky]

Thanks for working on this! I had one small suggestion for your changelog entry.

[raskchanky]

This changelog entry should indicate what changed from a user's perspective. For example, in this case, maybe something like:

Fix possible keyring truncation when using the file backend.

[shujun10086]

Ok. I am new in github, If I still needs to update the file in my repository (Vault fork project) ? How can I squash this pull request(There are three commits so far). It seems no branch name and I have no permission.

[shujun10086]

Anyway I update the file in the fouth commit.

[raskchanky]

Yeah, no need to worry about squashing. That will happen automatically when the PR is merged.

[raskchanky]

Looks good, thanks for working on this!

[shujun10086]

@raskchanky If this change can be ported back to other release like 1.8 1,9 ? Because this is the version we are using and meet the problem. I do not know how to port back it and if I have permission I can do it.

[raskchanky]

@shujun10086 We support n-2 versions, so with 1.11 just released, this can be backported to 1.10 and 1.9. I can handle that for you.