testcfg: Fix workaround to build Go binaries in unowned directories

Go has been embedding VCS information into Go binaries since Go 1.18, which it derives from the repository by executing some Git commands. This doesn't work though when the repository is not owned by the user building the binaries due to CVE-2022-24765, where Git started to refuse operating in any such repository it doesn't own.

We have tried to fix this in 61331af0 (testcfg: Fix building binaries as unprivileged user with Go 1.18+, 2022-07-07) by setting GIT_CONFIG_ environment variables to inject the safe.directory config entry, which can be used to override this safety mechanism. This doesn't work though, as documented by git-config(1):

    This config setting is only respected when specified in a system or
    global config, not when it is specified in a repository config, via
    the command line option -c safe.directory=<path>, or in environment
    variables.

Work around this limitation by writing a temporary, system-level config file that contains this key and setting GIT_CONFIG_SYSTEM to point to that file.
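
The workaround described above, sketched as an added example (not the project's own code): it writes a temporary config file that marks one repository path as safe and builds a child-process environment with GIT_CONFIG_SYSTEM pointing at it. The function names and the `gitconfig` file name are hypothetical, and the entry names a single path rather than a wildcard so the ownership check stays in force everywhere else.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// quoteGitConfigValue quotes v and escapes what is special inside a quoted Git config value.
func quoteGitConfigValue(v string) string {
	return `"` + strings.NewReplacer(`\`, `\\`, `"`, `\"`, "\n", `\n`, "\t", `\t`).Replace(v) + `"`
}

// writeSafeDirectoryConfig writes <dir>/gitconfig (hypothetical name) trusting only repoPath.
func writeSafeDirectoryConfig(dir, repoPath string) (string, error) {
	abs, err := filepath.Abs(repoPath)
	if err != nil {
		return "", err
	}
	path := filepath.Join(dir, "gitconfig")
	content := "[safe]\n\tdirectory = " + quoteGitConfigValue(abs) + "\n"
	return path, os.WriteFile(path, []byte(content), 0o600)
}

// buildEnv replaces any inherited GIT_CONFIG_SYSTEM so Git reads our file as system config.
// Note: this makes Git skip the real system-wide config for the child process.
func buildEnv(base []string, configPath string) []string {
	env := make([]string, 0, len(base)+1)
	for _, kv := range base {
		if !strings.HasPrefix(kv, "GIT_CONFIG_SYSTEM=") {
			env = append(env, kv)
		}
	}
	return append(env, "GIT_CONFIG_SYSTEM="+configPath)
}

func main() {
	dir, err := os.MkdirTemp("", "gitconfig-")
	if err != nil {
		panic(err)
	}
	defer os.RemoveAll(dir)
	cfg, err := writeSafeDirectoryConfig(dir, ".")
	if err != nil {
		panic(err)
	}
	fmt.Println(buildEnv([]string{"PATH=/usr/bin"}, cfg)) // pass as exec.Cmd.Env for `go build`
}
```
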
