Hardening for DiagnosticPort #5563
Description
The current security model for diagnostic port acknowledges that a malicious process could create its own unix domain socket or squat on the file name that would be used by some other process whenever /tmp or TMPDIR is shared with untrusted users. Although we aren't planning to change those basic assumptions in the security model, we could still take steps to make the squating less likely by using directories that are only writable by the current user when possible such as RUNTIME_DIR and XDG_RUNTIME_DIR.
We should consider adding support for writing the port under those directories if the environment variables are set, then falling back to TMPDIR and /tmp otherwise. If we do this we need to be wary of back-compat by updating the tools first to check those locations, then update the runtime later once the tools have had time to be picked up by users.