[cherry-pick] Avoid dangling symlinks in git-init

[vdemeester]

When the following conditions are met:

1. the feature flag disable-home-env-overwrite is "true"
2. the container user is root
3. no git / ssh secret is attached to a taskrun service account
4. user is running new-ish version of catalog git-clone task with git-init v0.15.2+

git-init will error out in the git-clone task because we create a circular symlink
from /root/.ssh to itself and then try to look up /root/.ssh/known_hosts.

This commit adds a check to avoid this from happening:

If the user's $HOME/.ssh directory doesn't exist or if they aren't able to access it
for any reason, then we don't try to create a symlink to it at all since we can trust that
the user is incapable of utilizing the credential.

This commit also expands an existing check to see if the $HOME/.ssh directory is
the same as the user's home directory + '.ssh'. This was originally only checked if
the user was nonroot, but now this is also checked if the user is root too.

(cherry picked from commit 1160686)
Signed-off-by: Vincent Demeester [email protected]

/kind bug
/cc @sbwsg @bobcatfish @afrittoli

Changes

Submitter Checklist

These are the criteria that every PR should meet, please check them off as you
review them:

• Includes tests (if functionality changed/added)
• Includes docs (if user facing)
• Commit messages follow commit message best practices
• Release notes block has been filled in or deleted (only if no user facing changes)

See the contribution guide for more details.

Double check this list of stuff that's easy to miss:

• If you are adding a new binary/image to the cmd dir, please update
  the release Task to build and release this image.

Reviewer Notes

If API changes are included, additive changes must be approved by at least two OWNERS and backwards incompatible changes must be approved by more than 50% of the OWNERS, and they must first be added in a backwards compatible way.

Release Notes

Fixed a bug in `git-init` that allowed a circular symlink to be created from `/root/.ssh` to itself if no SSH credentials are present in the service account and the `disable-home-env-overwrite` flag is set to `"true"`.

[tekton-robot]

The following is the coverage report on the affected files.
Say /test pull-tekton-pipeline-go-coverage to re-run this coverage report

File	Old Coverage	New Coverage	Delta
pkg/git/git.go	2.4%	2.3%	-0.1

[tekton-robot]

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: sbwsg

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

• OWNERS [sbwsg]

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[ghost]

/lgtm

[vdemeester]

/retest