Exclude dot directories when searching ZEEK_PLUGIN_PATH

Dot directories rarely contain anything we would want to load as a
dynamic plugin. Even worse, they likely contain files with externally
controlled lifetimes which might be removed while we are using them
(see e.g., zeek/btest#98).

With this patch we do not search _discovered_ dot directories anymore.
We continue to load from a user-specified `ZEEK_PLUGIN_PATH`, even if
its name starts with a dot.

Since this patch changes previous behavior it is a **BREAKING CHANGE**.

src/plugin/Manager.cc

@@ -147,6 +147,10 @@ void Manager::SearchDynamicPlugins(const std::string& dir)
 		if ( strcmp(dp->d_name, "..") == 0 || strcmp(dp->d_name, ".") == 0 )
 			continue;
 
+		// We do not search plugins in discovered dot directories.
+		if ( (dp->d_name[0] == '.') && dp->d_type == DT_DIR )
+			continue;
+
 		string path = dir + "/" + dp->d_name;
 
 		if ( stat(path.c_str(), &st) < 0 )

testing/btest/plugins/plugin-load-dot-dir.zeek

@@ -0,0 +1,20 @@
+# @TEST-DOC: Checks dot directories are not searched for `ZEEK_PLUGIN_PATH`.
+
+# @TEST-EXEC: mkdir 1
+# @TEST-EXEC: cd 1 && ${DIST}/auxil/zeek-aux/plugin-support/init-plugin -u . Testing Plugin1 >/dev/null 2>&1
+# @TEST-EXEC: cd 1 && (./configure --zeek-dist=${DIST} && make) >/dev/null 2>&1
+
+# It is fine to move the compiled pluging around and we can still load it.
+# @TEST-EXEC: mv 1 11
+# @TEST-EXEC: ZEEK_PLUGIN_PATH=. zeek -b -N Testing::Plugin1 # Baseline
+
+# If the plugin is in a dot directory unser `ZEEK_PLUGIN_PATH`
+# it is not loaded anymore.
+# @TEST-EXEC: mv 11 .1
+# @TEST-EXEC-FAIL: ZEEK_PLUGIN_PATH=. zeek -b -N Testing::Plugin1 # Plugin in dot.
+
+# If however `ZEEK_PLUGIN_PATH` itself is the only dot directory
+# in the path the plugin gets loaded.
+# @TEST-EXEC: mkdir .plug
+# @TEST-EXEC: mv .1 .plug/1
+# @TEST-EXEC: ZEEK_PLUGIN_PATH=.plug zeek -b -N Testing::Plugin1 # ZEEK_PLUGIN_PATH is dot.