Most temp file directories need to be hardened against execution, but
libffi needs execute privileges.  Add a libffi-specific temp directory
that can be set up by sysadmins as needed with suitable permissions.
This both ensures that libffi has a valid temp directory to use and
prevents attempts to access other directories.

diff -rup a/src/closures.c b/src/closures.c
--- a/src/closures.c	2014-05-11 09:54:19.000000000 -0400
+++ b/src/closures.c	2020-04-29 20:50:00.454853909 -0400
@@ -362,6 +362,7 @@ static struct
   const char *arg;
   int repeat;
 } open_temp_exec_file_opts[] = {
+  { open_temp_exec_file_env, "LIBFFI_TMPDIR", 0 },
   { open_temp_exec_file_env, "TMPDIR", 0 },
   { open_temp_exec_file_dir, "/tmp", 0 },
   { open_temp_exec_file_dir, "/var/tmp", 0 },
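Review bot: The new LIBFFI_TMPDIR entry is another environment-controlled path for a file that will be mapped executable, so if open_temp_exec_file_env (not in this hunk) reads it with plain getenv(), a setuid/setgid program that loads libffi would honour an attacker-supplied directory; the handler should use secure_getenv(), or skip the env-backed entries when the process is running with elevated privileges, and the same concern applies to the existing TMPDIR entry. Because the entry is only prepended to the table, the TMPDIR, /tmp and /var/tmp fallbacks still run whenever LIBFFI_TMPDIR is unset or unusable, so the description's claim that this prevents access to other directories holds only when the variable is set and its directory works. A comment on the new line would make that contract explicit: `/* Sysadmin-provided directory that must permit exec; tried before TMPDIR and the fixed fallbacks, which are still used if it is unset or unusable. */`. The open_temp_exec_file_opts[] table starts before this hunk and appears to continue past it.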