Completion insecurities handled on startup.

Completion-dependent directories with insecure permissions or ownership (e.g.,
group or other writability) are now detected, reported, and sanitized on OMZ
startup rather than unsafely ignored -- which resulted in effectively empty
completion caches and obscure compdef() errors resembling
"compdef: unknown command or service: git".

This fixes long-standing issues #630, #3356, and #3455 and related Babun issues
159, 281, and 322 -- and probably numerous other duplicates.

oh-my-zsh.sh

@@ -8,6 +8,9 @@ fi
 # add a function path
 fpath=($ZSH/functions $ZSH/completions $fpath)
 
+# Load all stock functions (from $fpath files) called below.
+autoload -U compaudit compinit
+
 # Set ZSH_CUSTOM to the path where your custom config files
 # and plugins exists, or else we will use the default custom/
 if [[ -z "$ZSH_CUSTOM" ]]; then
@@ -64,9 +67,14 @@ if [ -z "$ZSH_COMPDUMP" ]; then
   ZSH_COMPDUMP="${ZDOTDIR:-${HOME}}/.zcompdump-${SHORT_HOST}-${ZSH_VERSION}"
 fi
 
-# Load and run compinit
-autoload -U compinit
-compinit -i -d "${ZSH_COMPDUMP}"
+# If completion insecurities exist, warn the user without enabling completions.
+if ! compaudit &>/dev/null; then
+  # This function resides in the "lib/compfix.zsh" script sourced above.
+  handle_completion_insecurities
+# Else, enable and cache completions to the desired file.
+else
+  compinit -d "${ZSH_COMPDUMP}"
+fi
 
 # Load all of the plugins that were defined in ~/.zshrc
 for plugin ($plugins); do