Atomically update config files.

There's a race condition on shutdown between Java and native code.
A stack shutdown is issued from Java and in the meantime the
calling thread calls System.exit(0). If that line is reached before
the native code has had a chance to shut down cleanly, the system
could be stuck in a bad state.

This change uses rename(2) to replace an existing config file
atomically instead of truncating, writing, and then flushing. In
case of a crash or the race condition above, the config file will
still be valid.

There's an implementation gotcha. The config saving code uses ".new"
as a suffix on the original filename to write to a temporary file.
If a file by that name already exists, it will be overwritten.