kustomize: use FS from fluxcd/pkg

This switches to a secure FS implementation in most places, except for
where we can not make changes at this moment because it would break
behavior.

Not handled in this commit:

- Allowing the root for `manifestgen` packages to be configured.
- Allowing the user to define a working root while building locally.
- Defaulting to the secure FS implementation in
  `kustomization.MakeDefaultOptions`. Problem here is that constructing
  the secure FS could result in an error, which we can not surface
  without signature changes to the constructor func.

Signed-off-by: Hidde Beydals <hello@hidde.co>

pkg/manifestgen/install/manifests.go

@@ -26,8 +26,8 @@ import (
 	"path/filepath"
 	"strings"
 
+	"github.com/fluxcd/pkg/kustomize/filesys"
 	"github.com/fluxcd/pkg/untar"
-	"sigs.k8s.io/kustomize/api/filesys"
 
 	"github.com/fluxcd/flux2/pkg/manifestgen/kustomization"
 )
@@ -126,8 +126,12 @@ func build(base, output string) error {
 		return err
 	}
 
-	fs := filesys.MakeFsOnDisk()
-	if err := fs.WriteFile(output, resources); err != nil {
+	outputBase := filepath.Dir(strings.TrimSuffix(output, string(filepath.Separator)))
+	fs, err := filesys.MakeFsOnDiskSecure(outputBase)
+	if err != nil {
+		return err
+	}
+	if err = fs.WriteFile(output, resources); err != nil {
 		return err
 	}