failure to append an input to a package tarball leaves an incomplete tarball in the output location

[gjcolombo]

See oxidecomputer/propolis#812 for a specific case of this.

ILTM like the output archive gets created on this path, at least for zone tarballs:

omicron-package/src/package.rs

Lines 664 to 674 in 13afd8c

	// Actually build the package
	timer.start("add inputs to package");
	let mut archive = new_zone_archive_builder(name, output_directory).await?;
	for input in inputs.0.iter() {
	self.add_input_to_package(&**progress, &mut archive, input)
	.await
	.with_context(|| format!("Adding input {input:?}"))?;
	}
	timer.start("finalize archive");
	let file = archive.into_inner()?.finish()?;

If one of the calls to add_input_to_package fails, the ArchiveBuilder and its enclosed tar::Builder will be dropped. Dropping the tar::Builder finalizes the archive (by calling Builder::finish) in whatever state it was in when the error occurred.

It would be nice either to delete partial package archives on failure or (as @faithanalog suggested in propolis#812) construct them in a temporary location and move them to the final location only when the archive is fully constructed.