MFC r306417: portsnap: only move expected snapshot contents from snap/ to files/

Previously it was possible to smuggle in addional files that would
used by later portsnap runs. Now we only move those files expected
to be in the snapshot into files/ and require that there are no
unexpected files.

This was used by portsnap attacks 2, 3, and 4 in the "non-cryptanalytic
attacks against FreeBSD update components" anonymous gist.