[core] fix potential streaming tempfile corruption (fixes #2760)

set O_APPEND after mkstemp() in chunk.c  (mkostemp() is not as portable)
(also set FD_CLOEXEC to avoid potentially leaking open tempfiles to CGI)

(thx dieter.ro for helping track this down)

x-ref:
  https://redmine.lighttpd.net/boards/3/topics/6884
  "potential tempfile corruption when streaming response"
  https://redmine.lighttpd.net/issues/2760

src/chunk.c

@@ -480,6 +480,9 @@ static chunk *chunkqueue_get_append_tempfile(chunkqueue *cq) {
 		return NULL;
 	}
 
+	fd_close_on_exec(fd);
+	(void)fcntl(fd, F_SETFL, fcntl(fd, F_GETFL, 0) | O_APPEND);
+
 	c = chunkqueue_get_unused_chunk(cq);
 	c->type = FILE_CHUNK;
 	c->file.fd = fd;