runtime(dist): centralize safe executable check and add vim library (#13413)

Follow up to 816fbcc26 (patch 9.0.1833: [security] runtime file fixes,
2023-08-31) and f7ac0ef50 (runtime: don't execute external commands when
loading ftplugins, 2023-09-06).

This puts the logic for safe executable checks in a single place, by introducing
a central vim library, so all filetypes benefit from consistency.

Notable changes:
- dist#vim because the (autoload) namespace for a new runtime support
  library. Supporting functions should get documentation. It might make
  life easier for NeoVim devs to make the documentation a new file
  rather than cram it into existing files, though we may want
  cross-references to it somewhere…
- The gzip and zip plugins need to be opted into by enabling execution
  of those programs (or the global plugin_exec). This needs
  documentation or discussion.
- This fixes a bug in the zig plugin: code setting s:tmp_cwd was removed
  in f7ac0ef50 (runtime: don't execute external commands when loading
  ftplugins, 2023-09-06), but the variable was still referenced. Since
  the new function takes care of that automatically, the variable is no
  longer needed.

Signed-off-by: D. Ben Knoble <ben.knoble+github@gmail.com>
Signed-off-by: Christian Brabandt <cb@256bit.org>

runtime/autoload/zip.vim

@@ -57,14 +57,10 @@ if !exists("g:zip_extractcmd")
  let g:zip_extractcmd= g:zip_unzipcmd
 endif
 
-let s:tmp_cwd = getcwd()
-if (fnamemodify(exepath(g:zip_unzipcmd), ":p:h") ==# getcwd()
-          \ && (index(split($PATH,has("win32")? ';' : ':'), s:tmp_cwd) == -1 || s:tmp_cwd == '.'))
- unlet s:tmp_cwd
+if !dist#vim#IsSafeExecutable('zip', g:zip_unzipcmd)
  echoerr "Warning: NOT executing " .. g:zip_unzipcmd .. " from current directory!"
  finish
 endif
-unlet s:tmp_cwd
 
 " ----------------
 "  Functions: {{{1