Uses tmp library to ensure more secure tmp file creation

[JessRudder]

Currently this action creates temporary files using os.tmpdir() with predictable filenames which results in files that could be readable by other system users.

This PR replaces manual temporary file creation with the tmp library which automatically implements the following security best practices:

Automatic restrictive file permissions (0600 on Unix systems)
Secure temporary directory selection
Random filename generation

This change eliminates the information exposure risk while maintaining the same functionality.

Note: The tmp library uses an MIT license. Not sure what to do to get the license check to pass.

[Copilot]

Pull Request Overview

This PR enhances the security of temporary file creation by replacing manual temporary file handling with the tmp library. The change addresses a security vulnerability where temporary files were created with predictable filenames and potentially unsafe permissions.

• Replaces manual temporary file creation using os.tmpdir() with the secure tmp library
• Removes the hardcoded filename constant and helper function for temporary directory handling
• Updates test expectations to match the new random filename pattern

Reviewed Changes

Copilot reviewed 3 out of 6 changed files in this pull request and generated 1 comment.

File	Description
src/main.ts	Replaces manual temp file creation with secure tmp.fileSync() call and removes helper function
package.json	Adds tmp library and its TypeScript definitions as dependencies
tests/main.test.ts	Updates test expectation to match new random filename pattern

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.
You can also share your feedback on Copilot code review for a chance to win a $100 gift card. Take the survey.}

[sgoedecke]

@JessRudder Try running licensed cache, that should pull in the new license.