use XDG_RUNTIME_DIR instead of /tmp
The issue is, that POSIX only enforces the permissions of the containing
directory but not the permissions of the socket itself. This can lead to
potential security issues, as the command socket is not built for untrusted
input. In the case that XDG_RUNTIME_DIR is not available, a directory under
/tmp is created having the correct permissions to protect the socket under
it.