JuliaIO / Tar.jl

TAR files: create, list, extract them in pure Julia
MIT License
80 stars 19 forks

extract: use open(create=true) when extracting files #148

Open StefanKarpinski opened 1 year ago

StefanKarpinski commented 1 year ago

Using open's create flag when extracting files should prevent certain kinds of attacks if all our other defenses don't catch them, e.g. writing CON on Windows or /etc/passwd on UNIX. Closes #147.

StefanKarpinski commented 1 year ago

@vtjnash, is this what you had in mind?

codecov[bot] commented 1 year ago

Codecov Report

Base: 97.37% // Head: 97.37% // No change to project coverage :thumbsup:

Coverage data is based on head (0dc24db) compared to base (6bfc114). Patch coverage: 100.00% of modified lines in pull request are covered.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master     #148   +/-   ##
=======================================
  Coverage   97.37%   97.37%
=======================================
  Files           4        4
  Lines         801      801
=======================================
  Hits          780      780
  Misses         21       21
```

| [Impacted Files](https://codecov.io/gh/JuliaIO/Tar.jl/pull/148?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JuliaIO) | Coverage Δ | |
|---|---|---|
| [src/extract.jl](https://codecov.io/gh/JuliaIO/Tar.jl/pull/148/diff?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=JuliaIO#diff-c3JjL2V4dHJhY3Quamw=) | `98.14% <100.00%> (ø)` | |
