install-sh: avoid (low risk) race in "/tmp"
commit 968bf9f66e3966d1975295b97539876518ebd2a0
author Pavel Raiskup <praiskup@redhat.com>
Sun, 11 Mar 2018 20:47:54 +0000 (11 21:47 +0100)
committer Mathieu Lirzin <mthl@gnu.org>
Sun, 11 Mar 2018 21:18:51 +0000 (11 22:18 +0100)
tree 5b61198cb9696340b5976b91a5dcb9834304724c
parent 74902aa24d4c313ab51fa684142d9240f636971a
install-sh: avoid (low risk) race in "/tmp"

Ensure that nobody can cross privilege boundaries by pre-creating a
symlink at the '$tmpdir' destination directory.

Just testing 'mkdir -p' by creating "/tmp/ins$RANDOM-$$/d" is not safe,
because the "/tmp" directory is usually world-writeable and the
"/tmp/ins$RANDOM-$$" name could be pretty easily guessed by an
attacker (at least for shells where $RANDOM is not supported).  So, as
the first step, create "/tmp/ins$RANDOM-$$" without -p.  This step
would fail early if somebody wanted to catch us.

Systems that implement (and have enabled) the fs.protected_symlinks kernel
feature are not affected even without this commit.

References:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=760455
https://bugzilla.redhat.com/show_bug.cgi?id=1140725

* lib/install-sh: Implement safer 'mkdir -p' test by running
'$mkdirprog $mkdir_mode "$tmpdir"' first.
* NEWS: Update.

Signed-off-by: Mathieu Lirzin <mthl@gnu.org>
Files changed:
NEWS
lib/install-sh
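The two-step probe the commit describes, as an added example in POSIX sh that is not automake's own lib/install-sh code; the function names and the scratch-directory setup used to reproduce the pre-created-symlink case are assumptions:

```sh
#!/bin/sh
# Added illustration, not automake's lib/install-sh. The function names
# (unsafe_mkdir_probe, safe_mkdir_probe, demo_symlink_precreated) and the
# scratch directory are assumptions made for this example.

# The old probe: only 'mkdir -p' on "$tmpdir/d". If $tmpdir already exists
# as a symlink (pre-created by anyone who can write the parent, e.g. /tmp),
# 'mkdir -p' follows it and creates "d" at the symlink's target instead.
unsafe_mkdir_probe() {
  tmpdir=$1
  mkdir -p -m 755 "$tmpdir/d" 2>/dev/null
}

# The probe after the commit: create "$tmpdir" itself WITHOUT -p first.
# A plain mkdir fails with EEXIST on a pre-created entry, symlink or not,
# so a planted link is detected before anything is created through it.
# Returns 0 only if both steps succeed, 1 otherwise.
safe_mkdir_probe() {
  tmpdir=$1
  mkdir_mode=$2
  if ! mkdir -m "$mkdir_mode" "$tmpdir" 2>/dev/null; then
    echo "refusing: $tmpdir already exists (possible symlink race)" >&2
    return 1
  fi
  if mkdir -p -m "$mkdir_mode" "$tmpdir/d" 2>/dev/null; then
    rmdir "$tmpdir/d" "$tmpdir"
    return 0
  fi
  rmdir "$tmpdir"
  return 1
}

# Simulated race inside a scratch directory BASE (constructed, not /tmp):
# a symlink is planted at the predictable name, then both probes run.
# Returns 0 when the old probe is fooled and the new one fails closed.
demo_symlink_precreated() {
  base=$1
  victim="$base/victim"; planted="$base/ins-planted"
  mkdir -p "$victim" && ln -s "$victim" "$planted" || return 2
  unsafe_mkdir_probe "$planted" || return 1   # old probe "succeeds"...
  [ -d "$victim/d" ] || return 1              # ...by creating d elsewhere
  rmdir "$victim/d"
  if safe_mkdir_probe "$planted" 755; then return 1; fi   # must refuse
  [ ! -e "$victim/d" ] || return 1            # nothing created via link
}

# Stand-alone run: scratch directory, demo, cleanup.
scratch=$(mktemp -d) && demo_symlink_precreated "$scratch" && echo "ok"
rm -rf "$scratch"
```

On a kernel with fs.protected_symlinks enabled, the old probe in the demo may already fail at the planted link, which is the case the commit message notes as unaffected.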