testcfg: Fix workaround to build Go binaries in unowned directories
Go is embedding VCS information into Go binaries since Go 1.18, which it derives from the repository by executing some Git commands. This doesn't work though when the repository is not owned by the user building the binaries due to CVE-2022-24765, where Git started to refuse operating in any such repository it doesn't own.
We have tried to fix this in 61331af0 (testcfg: Fix building binaries
as unprivileged user with Go 1.18+, 2022-07-07) by setting GIT_CONFIG_
environment variables to inject the safe.directory
config entry, which
can be used to override this safety mechanism. This doesn't work though,
as documented by git-config(1):
This config setting is only respected when specified in a system or
global config, not when it is specified in a repository config, via
the command line option -c safe.directory=<path>, or in environment
variables.
Work around this limitation by writing a temporary, system-level config
file that contains this key and setting GIT_CONFIG_SYSTEM
to point to
that file.