Create a temp staging dir per-download

[RebeccaMahany]

Relates to #954.

Reusing the same temp directory for staging TUF downloads is proving more error-prone than it's worth -- I've seen at least a couple instances of could not download updates: [could not download update for launcher: could not add release launcher-1.0.16.tar.gz for binary launcher to library: could not stage update: could not create file at /tmp/staged-updates612578530/launcher-1.0.16.tar.gz: open /tmp/staged-updates612578530/launcher-1.0.16.tar.gz: no such file or directory] across two devices, where the temp staging directory no longer exists. I think it makes more sense to create a temp directory on the fly for staging, and clean it up after we finish download.

Future work + linked PRs

Subsequent PRs will tackle the following (order is not set in stone):

1. Devices on beta channel use new autoupdate library
2. Devices on stable channel use new autoupdate library
3. Ship a more up-to-date TUF repo
4. Report new version to K2 after update
5. An "update now" functionality tied to control server
6. Eventually removing the old notary autoupdater

Previous work:

1. Run new TUF autoupdater side-by-side with notary autoupdater #1081
2. Expose data and metrics about new TUF autoupdater #1103
3. Point to production TUF infra #1108
4. Perform retry on TUF update #1110
5. Add library manager to handle TUF downloads #1111
6. Small autoupdate improvements #1119
7. Pass knapsack in to tuf autoupdater to simplify configuration #1168
8. [TUF autoupdater] Remove osquery client dependency #1178
9. Move TUF test setup to new package #1188
10. [TUF autoupdater] Check out latest #1185
11. [TUF autoupdater] Include arch in release file path and download file path #1195
12. [TUF] Keep staging directory clean #1270
13. [TUF autoupdater] Devices on nightly channel use new autoupdate library #1268
14. Small cleanup for initial TUF rollout #1305