Better handle propagation of ROOT_TOKEN content #33

@lionelains

Description

@lionelains

The ROOT_TOKEN variable content is retrieved from the stdout of scripts unseal or initialize-vault.
However, for yet-to-understand reasons, just capturing their stdout into the variable ROOT_TOKEN using the following sample code:

ROOT_TOKEN=$(unseal)

or even:

ROOT_TOKEN=`unseal`

both seem to fail (we end up unable to press Enter before inserting the YubiKey's PIN, thus freezing the whole process).

So far, we had to fix this by using the following hack:

${pkgs.lib.getExe (with orca_protocol; if expect_initialized then unseal else initialize-vault)} > /tmp/root_token
export VAULT_TOKEN=$(cat /tmp/root_token)
rm /tmp/root_token

We should try to analyse the issue further and avoid the creation of a temporary file, which adds weakness to the whole process (the root token could be caught while the file appears briefly in the file system, although this requires first getting a shell on the machine).
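One candidate explanation worth checking, as an added example that is not part of this issue or of the project's scripts: if the unseal script writes its "insert YubiKey / enter PIN" prompt to stdout, then `$(...)` swallows the prompt together with the token, and the operator is left waiting at an invisible prompt. Keeping prompts on stderr (or `/dev/tty`) and reserving stdout for the token lets the variable capture work with no file on disk. The `fake_unseal`, `bad_unseal`, `capture_root_token` and `load_vault_token` functions and the token value below are constructed stand-ins, not the real scripts.

```bash
#!/usr/bin/env bash
# Added example: separate the interactive prompt from the secret output so that
# ROOT_TOKEN=$(unseal) works without a temporary file. Assumes bash.
set -eu

# Stand-in for 'unseal' / 'initialize-vault' done right (constructed):
# prompt on stderr, PIN read from stdin, ONLY the token on stdout.
fake_unseal() {
  local pin
  printf 'Insert YubiKey, press Enter, then type the PIN: ' >&2
  read -r pin            # a real script would also disable echo (read -s)
  printf '\n' >&2
  # Constructed placeholder token; the real one comes from Vault.
  printf '%s\n' "hvs.example-root-token-for-pin-${#pin}"
}

# Stand-in for the suspected misbehaviour (constructed): the prompt goes to
# stdout, so a capture hides it and the captured value is polluted.
bad_unseal() {
  local pin
  printf 'Insert YubiKey, press Enter, then type the PIN: '
  read -r pin
  printf '%s\n' "hvs.example-root-token-for-pin-${#pin}"
}

# Capture the token straight from the command's stdout: no /tmp file, so the
# root token never touches the filesystem. Fails if nothing was produced.
capture_root_token() {
  local token
  token=$("$@")
  [ -n "$token" ] || return 1
  printf '%s' "$token"
}

# Mirror of the 'export VAULT_TOKEN=$(cat /tmp/root_token)' step, file-free.
load_vault_token() {
  VAULT_TOKEN=$(capture_root_token "$@") || return 1
  export VAULT_TOKEN
}
```

Run `load_vault_token fake_unseal` interactively: the prompt is still visible on the terminal while `VAULT_TOKEN` receives only the token; `capture_root_token bad_unseal` shows the prompt text ending up inside the captured value instead.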
