Safety improvements

• use make DESTDIR=/tmp/ghcup-blah install strategy for make based installs and then merge manually to the target directory (this will also remove the need to cleanup non-temporary dirs on make install failure)... need to make sure GHC and HLS build systems properly support it
• migrate to using a database (can be plain files) for recording installed files to avoid recursive deletion operations on unknown contents. This depends on the previous point.
• for legacy installs, fall back to recursive deletions, but enforce that these can only happen in type-level
  • create a smart constructor mkStaticSubdir :: FilePath -> Path "ghcup" ; mkStaticSubdir base = Path (base </> ".ghcup")
  • wrap removeDirectoryRecursive to only accept Path "ghcup", while other functions can operate on polymorphic Path a (path/hpath packages use similar strategies), while limiting filepath operations on Path "ghcup" to maintain the invariant

This should make ghcup imitate package managers more closely and improve safety on unexpected conditions.

---

Edit:

More interesting things:

• https://github.com/teh/hsseccomp/issues/8