Security fix

• Fixes sbt.io.IO.withTemporaryFile not limiting access on Unix-like systems in io#344/zinc#1185 by @eed3si9n

IO.withTemporaryFile fix

sbt 1.8.3 fixes sbt.io.IO.withTemporaryFile etc not limiting access on Unix-like systems. Prior to this patch release, some functions were using java.io.File.createTempFile, which does not set strict file permissions, as opposed to the NIO-equivalent that does.

This means that on a shared Unix-like systems, build user or plugin's use of sbt.io.IO.withTemporaryFile etc would have exposed the information to other users.

This issue was reported by Oleksandr Zolotko at IBM, and was fixed by Eugene Yokota (@eed3si9n) in io#344/zinc#1185.

Other updates

sbt 1.8.3 backports Zinc and IO fixes from 1.9.0-RC2 as well.

• Fixes Zinc incremental compilation looping infinitely zinc#1182 by @CarstonSchilds
• Fixes spurious whitespace in the runner script by @keynmol in #7134
• Fixes NullPointerError under -Vdebug by @som-snytt in zinc#1141
• Avoids deprecated java.net.URL constructor by @xuwei-k in io#341
• Updates to Swoval 2.1.10 by @eatkins in io#343
• Notifies ClassFileManager from IncOptions in Incremental.prune by @lrytz in zinc1148
• Adds FileFilter.nothing and FileFilter.everything by @mdedetrich in io#340