(PUP-2478) Remove current directory from Ruby load path.

The current directory ('.') is on the load path for Ruby 1.8.7.
This is a security vulnerability as it allows arbitrary code loading if
users create ruby source files with names that correspond to those that
puppet is trying to load.

The fix is to explicitly remove '.' from the load path before any code
is loaded by puppet.
Peter Huene 2014-05-06 12:49:59 -07:00 committed by Melissa Stone
Parent bb83a84e06
Commit 1d1e1eac45
1 changed file: 4 additions and 0 deletions

@ -1,4 +1,8 @@
#!/usr/bin/env ruby
# For security reasons, ensure that '.' is not on the load path
# This is primarily for 1.8.7 since 1.9.2+ doesn't put '.' on the load path
$LOAD_PATH.delete '.'
require 'puppet/util/command_line'
Puppet::Util::CommandLine.new.execute
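
Review bot: `$LOAD_PATH.delete '.'` removes only an entry that is exactly the string '.', so any other relative entry that resolves against the working directory (for example './', or a relative path supplied through -I or RUBYLIB) is still searched by the `require 'puppet/util/command_line'` on the next line. Consider rejecting every load path entry that is not absolute, or every entry whose `File.expand_path` equals `Dir.pwd`, rather than matching one literal. The change also protects only this one script, since a single file is touched; any other executable that requires Puppet code under 1.8.7 needs the same line before its first `require`. The new comment would be easier to trace later if it named the ticket (PUP-2478).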