(#12462) user_role_add: use replace_file for /etc/shadow
The user_role_add provider for user management previously open-coded the safe,
atomic replacement of /etc/shadow after in modified it.
Mostly even safely, except that it didn't enforce permissions on the temporary
file, so might have spilled data to third parties, if tempfile isn't
sufficiently secure. (Ruby makes no promises about tempfile mode.)
We replace that with the standard, central replace_file API, which ensures
that is done in a safe, correct, and standard fashion.
On the way through this removes the window where this could previously have
lost the content of /etc/shadow due to an unfortunately timed crash, by
ensuring we fsync the content of the temporary file.
It also documents, but doesn't eliminate, the lack of locking and other races
around this update to the shadow file.
Finally, some minor code and test updates to make it easier to test this on
fake data, rather than like on your own /etc/shadow file...
Signed-off-by: Daniel Pittman <daniel@puppetlabs.com>