Replace isc_fsaccess API with more secure file creation
The isc_fsaccess API was created to hide the implementation details between POSIX and Windows APIs. As we are not supporting the Windows APIs anymore, it's better to drop this API used in the DST part.
Moreover, the isc_fsaccess was setting the permissions in an insecure manner - it operated on the filename, and not on the file descriptor which can lead to all kind of attacks if unpriviledged user has read (or even worse write) access to key directory.
Replace the code that operates on the private keys with code that uses mkstemp(), fchmod() and atomic rename() at the end, so at no time the private key files have insecure permissions.
Closes #3982 (closed)
Edited by Ondřej Surý