Loader extracts executables to /tmp, triggers security scanners

[xroche]

The loader constructor extracts both libdd_profiling-embedded.so and the ddprof executable to /tmp on every load, even when ddprof is installed as a package and both files already exist in standard system paths.

This creates files like /tmp/ddprof-<hash> (mode 0755) and /tmp/libdd_profiling-embedded.so-<hash>, which triggers endpoint security scanners (e.g. CrowdStrike Falcon) that flag new executables in /tmp.

When ddprof is installed, dlopen can find the .so through the standard search path and execvp can find the binary through PATH. The /tmp extraction should only be a fallback for self-contained / ad-hoc usage.