fix: docker non-buildx file copy ensure name is unique

[miki725]

• [x] Followed the steps in the contributor's guide: https://crashoverride.com/docs/other/contributing#filing-the-pull-request
• [x] PR title uses semantic commit messages
• [x] Filled out the template to a useful degree
• [x] Updated CHANGELOG.md if necessary

Issue

When docker context contained docker or chalk folders, entrypoint wrapping would fail

Description

For non-buildx build, as the file needed to be copied into the context to be copied in Dockerfile, the name needs to be unique as if the same filename/folder already exist in the context folder, the copy/move will fail which in turn would bail out of ENTRYPOINT wrapping. Now chalk ensures that filename is unique for both copy/move modes.

In addition when using buildx, whenever chalk binary was located in a folder which contained .dockerignore which ignored the chalk binary (e.g. in chalk repo itself), the wrapping would fail as the binary could not be copied into the build. Now this edge case is detected and the file is copied into a temporary directory hence guaranteeing there is no .dockerignore there.

Testing

[miki725]

Are there any significant TOCTOU issues here?

no