Fix protoc install vulnerability

[erikbosch]

See https://cwe.mitre.org/data/definitions/22.html

Theoretical risk in short:

• We download a malicious zip archive
• The zip archive contains items like "../../usr/bin/something"
• We might end up with installing unwanted files at wrong places

Tested that it does not affect normal install This was detected when running Github code scanning in my own fork