
CreateSafeDirectory: Set "AI" flag on DACL.

Normally created directories have "AI" (SE_DACL_AUTO_INHERITED) set, but we weren't setting it on the protected directory's custom DACL.

Only ACLs from Windows NT 4.0 and earlier (which didn't support autoinheritance) are supposed to have the flag unset.
Jordan Russell, 1 year ago
Parent
Commit
4e710a15b2
1 changed file, with 4 insertions and 2 deletions

+ 4 - 2
Projects/Src/InstFunc.pas

@@ -195,8 +195,10 @@ begin
   if IsUnderWindowsTemp or IsLocalTempToProtect then begin
     var StringSecurityDescriptor :=
       // D: adds a Discretionary ACL ("DACL", i.e. access control via SIDs)
-      // P: prevents DACL from being modified by inherited ACLs
-      'D:P';
+      // P: prevents DACL from being modified by inheritable ACEs
+      // AI: says automatic propagation of inheritable ACEs to child objects
+      //     is supported; always supposed to be set on Windows 2000+ ACLs
+      'D:PAI';
     var CurrentUserSid := GetCurrentUserSid;
     if CurrentUserSid = '' then
       CurrentUserSid := 'OW'; // OW: owner rights
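
Review bot: The new comment lines above 'D:PAI' describe "AI" without naming the control flag it maps to, although the commit message does (SE_DACL_AUTO_INHERITED). Consider putting the flag name in the code comment as well, for example "// AI: SE_DACL_AUTO_INHERITED; says automatic propagation ...", so that someone inspecting the security descriptor of the created directory can match the SDDL letters to the control bits without going back to the commit log. The same applies to the "P" line, which corresponds to SE_DACL_PROTECTED. It would also help to carry over the commit message's rationale that only ACLs from Windows NT 4.0 and earlier are supposed to have the flag unset, since "always supposed to be set on Windows 2000+ ACLs" states the rule but not where the exception comes from.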