release:prepare stores settings.xml in a public directory

The fix for MRELEASE-577 involves copying settings.xml into a temporary directory. On a shared machine, it's possible that users have passwords configured in this file. Although they should probably have used settings-security.xml some will have set file permissions to prevent other users from reading their settings.

If a build fails the file can be behind in /tmp.

The copy should either be set to world-unreadable before any contents are written or created in a non-public location.