Avoid storing temporary files directly in /tmp
This can subject the user to attacks on multi-user systems.
Using mktemp is the right way to do this, but just
use the source tree because it makes the code simpler.
The previous commit already ensures cleanup of the files.