Do not do magic to achieve a hermetic /tmp when the sandbox is hermetic.

The sandbox process already does a `chroot()` and creates a fresh `/tmp` in it so no magic is needed.

RELNOTES: None.
PiperOrigin-RevId: 579782553
Change-Id: Ia5df1911ab326b739a0693ae81c794ecd8dce53d

Author: lberki

src/main/java/com/google/devtools/build/lib/sandbox/LinuxSandboxedSpawnRunner.java

@@ -187,6 +187,12 @@ private boolean useHermeticTmp() {
       return false;
     }
 
+    if (getSandboxOptions().useHermetic) {
+      // The hermetic sandbox is, well, already hermetic. Also, it creates an empty /tmp by default
+      // so nothing needs to be done to achieve a /tmp that is also hermetic.
+      return false;
+    }
+
     boolean tmpExplicitlyBindMounted =
         getSandboxOptions().sandboxAdditionalMounts.stream()
             .anyMatch(e -> e.getKey().equals("/tmp"));