Instead of using umask to ensure sensitive files are created with
restrictive permissions, git-crypt now does:
create_protected_file(filename);
std::ofstream out(filename);
// ...
create_protected_file can have different Unix and Windows implementations.
create_protected_file should be easier to implement on Windows than a
umask equivalent, and this pattern keeps the amount of platform-specific
code to a minimum and avoids #ifdefs.
This abstracts away the details of argument quoting, which differs
between Unix and Windows.
Also replace all uses of the system() library call with exec_command().
Although system() exists on Windows, it executes the command via cmd.exe,
which has ridiculous escaping rules.
Move Unix-specific code to util-unix.cpp, and place Windows equivalents
in util-win32.cpp. Most of the Windows functions are just stubs at
the moment, and we need a build system that works on Windows.
