bundle: pkexec to user-writeable file allows for arbitrary code execution with uid=0
I think something is very wrong with how we are executing openvpn from within the bundle. The client is installing a "dynamic" pkexec that changes every time the bundle changes path.
This polkit file points to a binary with user-writeable privileges. So any process in userspace can overwrite that file.
This, in turn, is a grave vulnerability since it means that having write permissions is automatically turned into arbitrary code execution with uid 0.
To fix this, we should: a) copy the openvpn binary into a root-writeable folder; b) clarify to the user that the "gimme sudo" dialog should only appear during the first run of a bundle, not every time.
(from redmine: created on 2014-04-30, closed on 2014-05-08, relates #5625 (closed), duplicates #5626 (closed))
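An audit for the condition reported above, added here as an example and not taken from the project's code: it reads the `org.freedesktop.policykit.exec.path` annotation from polkit policy files and lists every component of each target path (the binary and each parent directory) that a non-root account owns or can write. The sample policy, its action id and the `/home/user/bundle/openvpn` path are constructed placeholders.

```python
import glob, os, stat
import xml.etree.ElementTree as ET

EXEC_KEY = "org.freedesktop.policykit.exec.path"  # annotation pkexec matches on

# Constructed sample: action id and path are placeholders, not the bundle's own.
SAMPLE_POLICY = """<policyconfig>
  <action id="org.example.bundle.openvpn">
    <defaults><allow_active>auth_admin_keep</allow_active></defaults>
    <annotate key="org.freedesktop.policykit.exec.path">/home/user/bundle/openvpn</annotate>
  </action>
</policyconfig>"""

def exec_paths(policy_xml):
    """Return every program path a polkit .policy document authorizes for pkexec."""
    root = ET.fromstring(policy_xml)
    return [a.text.strip() for a in root.iter("annotate")
            if a.get("key") == EXEC_KEY and a.text]

def non_root_control(path):
    """List (component, reason) for the target and each parent directory that a
    non-root account could modify or replace."""
    findings, current = [], os.path.realpath(path)
    while True:
        try:
            st = os.lstat(current)
        except OSError:
            findings.append((current, "cannot stat"))
        else:
            sticky_dir = stat.S_ISDIR(st.st_mode) and st.st_mode & stat.S_ISVTX
            if st.st_uid != 0:
                findings.append((current, "owned by uid %d" % st.st_uid))
            elif st.st_mode & 0o022 and not sticky_dir:
                findings.append((current, "group/other writable"))
        parent = os.path.dirname(current)
        if parent == current:
            return findings
        current = parent

def audit(policy_xml):
    """Map each pkexec target in the policy to its non-root-controlled components."""
    return {p: non_root_control(p) for p in exec_paths(policy_xml)}

if __name__ == "__main__":
    for policy in glob.glob("/usr/share/polkit-1/actions/*.policy"):
        with open(policy, "rb") as fh:
            for target, findings in audit(fh.read()).items():
                for component, reason in findings:
                    print(f"{policy}: {target}: {component} {reason}")
```

A target with an empty findings list sits in a path that only root can change, which is the state fix a) aims for.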