(#13260) Use mktmpdir when downloading packages
This fixes a security vulnerability in the appdmg and pkgdmg providers where
they would curl packages directly into /tmp and the install them, allowing an
attacker to craft a symlink and overwrite arbitrary files or install arbitrary
packages.
Conflicts:
lib/puppet/provider/package/appdmg.rb
lib/puppet/provider/package/pkgdmg.rb