Simplify TMPDIR handling

Bug #1462916 reported by Michael Vogt
This bug affects 1 person
| Affects | Status | Importance | Assigned to | Milestone |
|---|---|---|---|---|
| Snappy | Status tracked in Trunk | | | |
| 15.04 | Fix Released | High | Michael Vogt | |
| Trunk | Fix Released | High | Michael Vogt | |

Bug Description

This is a meta bug about the issues in our current handling of $TMPDIR and a proposed solution to simplify things again.

The downside of this approach may be that the apparmor rules for /tmp need to be relaxed in the default policy for snaps. I.e. the security shifts from the very explicit apparmor to the more implicit/magic ubuntu-core-launcher private /tmp mount. If we decide against changing the apparmor rules we may consider not doing the private /tmp as it seems to add little value (we added it so that apps that are not honoring TMPDIR work normally, but those will not work unless we relax the apparmor rules).

Currently there are various bugs like:
- lp:1457839, lp:1460517
- lp:1462910, lp:1462909, lp:1462905, lp:1462903

I would like to simplify the TMPDIR handling in the following way:
- ubuntu-core-launcher creates private mount that is used for /tmp [done]
- ubuntu-core-launcher ensures the private /tmp inside the private mount is mode 1777 (#1462910)
- ubuntu-core-launcher ensures that the private base directory for the tmp is something mode 700
- ubuntu-core-launcher sets TMPDIR, TEMPDIR, SNAP_TEMP_DIR environment to /tmp (#1462903)
- ubuntu-core-launcher drops code for mkoldtmpdir() (#1462905)
- update apparmor rules for apps to allow /tmp
- snappy does not set TMPDIR, TEMPDIR, SNAP_TEMP_DIR anymore (that's the launcher's job now) (#1462909)
- check if any documentation needs updating

Michael Vogt (mvo)
description: updated
Michael Vogt (mvo)
description: updated
John Lenton (chipaca)
description: updated
Tyler Hicks (tyhicks) wrote :

I like the design described in this bug description. Since AppArmor will be allowing full access to /tmp/, please make sure that the launcher treats any unexpected conditions as fatal when it is setting up the private /tmp.
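
An added example, not part of the bug report and not ubuntu-core-launcher's own code: C code for the directory steps in the list above (0700 base directory, 1777 tmp inside it, the three environment variables), returning an error on every unexpected condition as the comment asks. The function names `verify_dir_fd`, `make_private_tmp` and `export_tmp_env` are hypothetical, and the private mount step itself is not shown because it needs root.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <unistd.h>
#define DIR_FLAGS (O_RDONLY | O_DIRECTORY | O_NOFOLLOW | O_CLOEXEC)

/* 0 only if fd is a directory we own with exactly `want` mode bits. */
int verify_dir_fd(int fd, mode_t want)
{
    struct stat st;
    if (fd < 0 || fstat(fd, &st) != 0 || !S_ISDIR(st.st_mode))
        return -1;
    return (st.st_uid == geteuid() && (st.st_mode & 07777) == want) ? 0 : -1;
}

/* Hypothetical helper: create a 0700 base directory from the mkdtemp
 * template `tmpl` and a 1777 "tmp" inside it. Any unexpected condition
 * returns -1 so the caller aborts instead of launching the app. */
int make_private_tmp(char *tmpl)
{
    int rc = -1, base_fd = -1, tmp_fd = -1;
    if (mkdtemp(tmpl) == NULL)                /* created with mode 0700 */
        return -1;
    base_fd = open(tmpl, DIR_FLAGS);          /* O_NOFOLLOW: no symlink swap */
    if (verify_dir_fd(base_fd, 0700) != 0)
        goto out;
    if (mkdirat(base_fd, "tmp", 0700) != 0)   /* fails if it already exists */
        goto out;
    tmp_fd = openat(base_fd, "tmp", DIR_FLAGS);
    /* mkdirat is subject to umask, so set the final mode on the fd itself. */
    if (tmp_fd < 0 || fchmod(tmp_fd, 01777) != 0)
        goto out;
    rc = verify_dir_fd(tmp_fd, 01777);        /* re-check what we ended up with */
out:
    if (tmp_fd >= 0) close(tmp_fd);
    if (base_fd >= 0) close(base_fd);
    return rc;
}

/* The launcher, not snappy, exports the variables named in the bug. */
int export_tmp_env(void)
{
    const char *vars[] = { "TMPDIR", "TEMPDIR", "SNAP_TEMP_DIR" };
    for (size_t i = 0; i < sizeof vars / sizeof vars[0]; i++)
        if (setenv(vars[i], "/tmp", 1) != 0)
            return -1;
    return 0;
}
```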
