An attacker on the remote side (for example a regular user there) could create
a symbolic link at the destination pathname for the remote proxy certificate
(like `/tmp/x509up_u1000`).

If that symbolic link would refer to a directory writable by the user, the proxy
certificate file  would end up in the directory owned by the attacker.
This in turn may allow the attacker to read the file (for example when the
directory is a mountpoint controlled by the attacker).

Use `mv`’s `--no-target-directory`-option in order to prevent this.

If such symbolic link is owned by the user it would get overwritten.

Signed-off-by: Christoph Anton Mitterer <mail@christoph.anton.mitterer.name>