pyret-npm should default to $XDG_RUNTIME_DIR and/or check socket ownership #2

@ironm00n

Currently pyret-npm defaults its socket file within /tmp/parley-<username>/ which is problematic for a number of reasons:

  1. Permissions are never updated inside the tmp dir, making the socket writable by any user on your machine
  2. /tmp isn't guaranteed to be cleaned up between logins resulting in stale sockets

Where available, we should use $XDG_RUNTIME_DIR, which is guaranteed to be only readable by the current user and scoped to a user's login session.

Otherwise, if we must fall back to /tmp/parley-<username>/, we should be checking the current ownership and permissions of the directory.

The current setup is a security risk.
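
One way to implement the selection and check requested above, as an added Node.js example that is not pyret-npm's own code. The function names, the `parley` subdirectory under $XDG_RUNTIME_DIR, and the choice to refuse (rather than repair) an unsafe fallback directory are assumptions.

```javascript
// Added example (not project code): choose a private directory for the socket.
const fs = require('node:fs');
const os = require('node:os');
const path = require('node:path');

// True only for a real directory (not a symlink) owned by `uid`
// with no group/other permission bits set.
function isPrivateDir(dir, uid) {
  let st;
  try {
    st = fs.lstatSync(dir); // lstat: never follow a symlink planted in /tmp
  } catch (err) {
    if (err.code === 'ENOENT') return false;
    throw err;
  }
  return st.isDirectory() && st.uid === uid && (st.mode & 0o077) === 0;
}

// Hypothetical helper: returns the directory the socket should live in,
// or throws when no safe location is available.
function resolveSocketDir(env = process.env, uid = process.getuid(),
                          tmpRoot = '/tmp', username = os.userInfo().username) {
  const runtime = env.XDG_RUNTIME_DIR;
  if (runtime && path.isAbsolute(runtime) && isPrivateDir(runtime, uid)) {
    const dir = path.join(runtime, 'parley'); // assumed subdirectory name
    fs.mkdirSync(dir, { recursive: true, mode: 0o700 });
    return dir;
  }
  // Fallback from the issue: /tmp/parley-<username>/
  const fallback = path.join(tmpRoot, `parley-${username}`);
  try {
    fs.mkdirSync(fallback, { mode: 0o700 }); // EEXIST if someone pre-created it
  } catch (err) {
    if (err.code !== 'EEXIST') throw err;
  }
  // Verify after creation so a pre-existing directory gets the same scrutiny.
  if (!isPrivateDir(fallback, uid)) {
    throw new Error(`refusing to use ${fallback}: wrong owner, mode, or type`);
  }
  return fallback;
}
```
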