[clang] Bypass sandbox in `ModuleDependencyCollector` (#175220)

This PR disables the sandbox for file collection within
`ModuleDependencyCollector`. This is typically only invoked when the
`-module-dependency-dir` option is specified for generating a crash
report, where the sandbox is not as crucial as for regular compilation.

clang/lib/Frontend/ModuleDependencyCollector.cpp

diff --git a/clang/lib/Frontend/ModuleDependencyCollector.cpp b/clang/lib/Frontend/ModuleDependencyCollector.cpp
index ff37065..3841537 100644
--- a/clang/lib/Frontend/ModuleDependencyCollector.cpp
+++ b/clang/lib/Frontend/ModuleDependencyCollector.cpp
@@ -16,6 +16,7 @@
 #include "clang/Serialization/ASTReader.h"
 #include "llvm/Config/llvm-config.h"
 #include "llvm/Support/FileSystem.h"
+#include "llvm/Support/IOSandbox.h"
 #include "llvm/Support/Path.h"
 #include "llvm/Support/raw_ostream.h"
 
@@ -161,11 +162,16 @@
   }
 
   // Copy the file into place.
-  if (std::error_code EC = fs::create_directories(path::parent_path(CacheDst),
-                                                  /*IgnoreExisting=*/true))
-    return EC;
-  if (std::error_code EC = fs::copy_file(Paths.CopyFrom, CacheDst))
-    return EC;
+  {
+    // FIXME(sandboxing): Implement this via vfs::{FileSystem,OutputBackend}.
+    auto BypassSandbox = sandbox::scopedDisable();
+
+    if (std::error_code EC = fs::create_directories(path::parent_path(CacheDst),
+                                                    /*IgnoreExisting=*/true))
+      return EC;
+    if (std::error_code EC = fs::copy_file(Paths.CopyFrom, CacheDst))
+      return EC;
+  }
 
   // Always map a canonical src path to its real path into the YAML, by doing
   // this we map different virtual src paths to the same entry in the VFS