chore: implement process-safe temp file cleanup (#9241)

Signed-off-by: knqyf263 <knqyf263@gmail.com>
Co-authored-by: knqyf263 <knqyf263@users.noreply.github.com>

misc/lint/rules.go

@@ -35,3 +35,16 @@ func mapSet(m dsl.Matcher) {
 	m.Match(`map[$x]struct{}`).
 		Report("use github.com/aquasecurity/trivy/pkg/set.Set instead of map.")
 }
+
+// Enforce usage of x/os package for temporary file operations
+func tempFileOps(m dsl.Matcher) {
+	m.Match(`os.CreateTemp($*args)`).
+		Where(!m.File().Name.Matches(`.*_test\.go$`)).
+		Suggest(`xos.CreateTemp($args)`).
+		Report("use github.com/aquasecurity/trivy/pkg/x/os.CreateTemp instead of os.CreateTemp for process-safe temp file cleanup")
+
+	m.Match(`os.MkdirTemp($*args)`).
+		Where(!m.File().Name.Matches(`.*_test\.go$`)).
+		Suggest(`xos.MkdirTemp($args)`).
+		Report("use github.com/aquasecurity/trivy/pkg/x/os.MkdirTemp instead of os.MkdirTemp for process-safe temp file cleanup")
+}