In trunk, we now have svn_io_mktemp() which creates temporary files
in a more secure way than svn_io_open_uniquely_named().
svn_io_mktemp() is effectively equivalent to mkstemp().
svn_io_open_uniquely_named() is still useful for cases where predictable
temporary filenames are desirable because the user directly interfaces with
the files (e.g. temporary files for log messages), but everywhere else we
should be creating temporary files with svn_io_mktemp().
The benefits are both in security and performance, because
svn_io_open_uniquely_named() is a performance bottleneck when creating
many temporary files in the same directory.
While at it, we should convert all temporary file handling to using
streams (svn_stream_t) instead of filehandles (apr_file_t) where possible.
There already are stream-based tempfile generation functions, but they
currently use svn_io_open_uniquely_named() under the hood.
Task
Major