cmd/go/internal/modfetch: avoid leaking a lockedfile.File in case of write errors

The go modules download command has a method called hashZip which checks the
hash of a zipped directory versus an expected value, and then writes it out
to a file. In the event that the write operation is not successful, we do
not close the file, leading to it being leaked. This could happen if the
user runs out of disk space, causing the underlying OS write command to
return an error. Ultimately, this led to a panic in lockfile.OpenFile which
was invoked from a finalizer garbage collecting the leaked file. The result
was a stack trace that didn't show the call stack from where the write
operation actually failed.

Fixes #50858

Change-Id: I4a24d2ab13dc903d623bbf8252b37bb9d724b8de
GitHub-Last-Rev: 354ef1d29ed9d9bb2d9bfe4b73306c550aab07fd
GitHub-Pull-Request: golang/go#51058
Reviewed-on: https://go-review.googlesource.com/c/go/+/383915


Trust: Cherry Mui <cherryyz@google.com>
Reviewed-by: Bryan Mills <bcmills@google.com>
Run-TryBot: Bryan Mills <bcmills@google.com>
TryBot-Result: Gopher Robot <gobot@golang.org>