[teleport-update] Adjustments for SELinux

[sclevine]

This PR adjusts teleport-update to avoid issues with default SELinux configuration.

These changes are based on research and testing by @vapopov.

When service files are copied atomically using renameio, the initial temporary location adds SELinux contexts that make the file unreadable by systemctl:

# ls -lahZ /lib/systemd/system/teleport.service
-rw-r--r--. 1 root root unconfined_u:object_r:user_tmp_t:s0 436 Jan 22 19:34 /lib/systemd/system/teleport.service

This PR adjusts renameio to use the same target directory when this is relevant:

# ls -lahZ /lib/systemd/system/teleport.service
-rw-r--r--. 1 root root unconfined_u:object_r:systemd_unit_file_t:s0 436 Jan 23 15:28 /lib/systemd/system/teleport.service

These temporarily files are created in the format /etc/systemd/system/.teleport.service1234. This does not appear to interfere with systemd or systemctl.

This PR also adds various checks to make sure that the systemd service file is readable during initial install and update.

---

The teleport-update binary will be used to enable, disable, and trigger automatic Teleport agent updates. The new auto-updates system manages a local installation of the cluster-specified version of Teleport stored in /opt/teleport.

RFD: #47126
Goal (internal): https://github.com/gravitational/cloud/issues/10289

[vapopov]

verified on RHEL 9.5

[root@vbox teleport]# ./build/teleport-update link-package
2025-01-23T15:28:43.156-08:00 INFO [UPDATER]   Validating binary name:fdpass-teleport agent/validate.go:68
2025-01-23T15:28:43.159-08:00 INFO [UPDATER]   Binary does not support version command name:fdpass-teleport agent/validate.go:79
2025-01-23T15:28:43.160-08:00 INFO [UPDATER]   Validating binary name:tbot agent/validate.go:68
2025-01-23T15:28:43.184-08:00 INFO [UPDATER]   [stdout] Teleport v17.2.2 git:v17.2.2-0-g61667e2 go1.23.5 agent/logger.go:69
2025-01-23T15:28:43.187-08:00 INFO [UPDATER]   Validating binary name:tctl agent/validate.go:68
2025-01-23T15:28:43.213-08:00 INFO [UPDATER]   [stdout] Teleport v17.2.2 git:v17.2.2-0-g61667e2 go1.23.5 agent/logger.go:69
2025-01-23T15:28:43.216-08:00 INFO [UPDATER]   Validating binary name:teleport agent/validate.go:68
2025-01-23T15:28:43.602-08:00 INFO [UPDATER]   [stdout] Teleport v17.2.2 git:v17.2.2-0-g61667e2 go1.23.5 agent/logger.go:69
2025-01-23T15:28:43.608-08:00 INFO [UPDATER]   Validating binary name:tsh agent/validate.go:68
2025-01-23T15:28:43.694-08:00 INFO [UPDATER]   [stdout] Teleport v17.2.2 git:v17.2.2-0-g61667e2 go1.23.5 agent/logger.go:69
2025-01-23T15:28:43.862-08:00 INFO [UPDATER]   Systemd configuration synced. unit:teleport.service agent/process.go:259
2025-01-23T15:28:43.862-08:00 INFO [UPDATER]   Successfully linked system package installation. agent/updater.go:799

[root@vbox teleport]# ls -lahZ /usr/lib/systemd/system/teleport.service
-rw-r--r--. 1 root root unconfined_u:object_r:systemd_unit_file_t:s0 436 Jan 23 15:28 /usr/lib/systemd/system/teleport.service

[root@vbox teleport]# systemctl status teleport
● teleport.service - Teleport Service