Use Named Sockets

Currently bzr-service uses a local port (11111). Which means that anyone on that machine can bind to that port and run commands as that user.

It also means that you can't have multiple versions of the server running for different users.

A simple fix would be to switch to using a unix named socket in /tmp, with appropriate permissions. (/tmp/tmdir-xxxx/socket.py all chmod go-rwx).

Originally I avoided unix sockets because I wanted to support Windows. But:

1) Win32 doesn't have os.fork(), cygwin does, but cygwin also has unix sockets.

2) We could use named pipes for windows instead

Another problem, though, is how to tell the client where to connect. The standard methods for "agents" are to use an environment variable. But as env vars are only inherited to children processes, this means that they need to be started as part of the initial startup, so they can be passed around.

Especially considering the current limitations of having interactive actions occurring in the original terminal, it isn't always feasible to do so.

However 'gpg-agent' has the ability to '--use-standard-socket' which puts a socket in ~/.gnupg/S.gpg-agent. I'll probably follow this model.