Avoid symlink attack when writing amnesia owned file as root

Dennis Brinkrolf reported a symlink attack that leads to privilege escalation via Dotfiles, sudo, and gnome-shell-save-environment.

We are reusing the nosymfollow mountpoint created by tps here to mitigate symlink attacks.

Closes #19424

TODO:

• Check Jenkins