Update atomic writer based on upstream: avoiding chown race condition

[inteon]

Update the vendored atomic writer to match upstream.

Release notes: Updated the atomic writer based on upstream changes: Files are now chowned before being made visible to the workload, avoiding a possible race condition.

[munnerz]

Awesome, so this also moves the chown step to before the atomic update operation, in turn helping to avoid a race condition where the files may not have the current permission bits set immediately after they are made visible to the workload?

Can you update the title/release note to reflect this behavioural change so it can bubble up into release notes?

[jetstack-bot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: munnerz

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files: - ~~[OWNERS](https://github.com/cert-manager/csi-lib/blob/main/OWNERS)~~ [munnerz] Approvers can indicate their approval by writing `/approve` in a comment Approvers can cancel approval by writing `/approve cancel` in a comment