ensure /tmp is writeable from the sandbox

[avsm]

#4589 modified TMPDIR handling such that /tmp is no longer accessible from within the sandbox, preferring to enforce the use of $TMPDIR instead.

The FHS does require that /tmp exists and is writeable, but does not mandate how large it can be. Some programs, such as gappa (see ocaml/opam-repository#23433) create domain sockets in /tmp without using TMPDIR, and are broken by the sandbox change in #4589.

I think we should go back to /tmp being writeable, to be more FHS-friendly. The default behaviour can still be to use /tmp-opam as the scripts do right now, but with an addition /tmp mounted in.