feat: Move /.firstRunComplete to /tmp to prepare readonly rootfs

[mkilchhofer]

I currently migrate all my Kubernetes workloads to containers with read-only rootfs.

The plex container is a bit tricky with the /.firstRunComplete file. If you'd move that file to /tmp, it would be possible to mount a temporary filesystem which is writable (Kubernetes emptyDir) below /tmp.

The s6 suite also have issues with read-only rootfs but it (officially) supports it by setting S6_READ_ONLY_ROOT=1. Ref: https://github.com/just-containers/s6-overlay#read-only-root-filesystem