To improve security for applications not using a custom session
handler, it's better to isolate sessions in a directory only
readable by the current php-fpm pool username.
As such, a security issue with one site allowing to browse files
won't allow to hijack sessions on a site served by another php-fpm pool.
Meanwhile, we reset to the default value in php.ini to allow quick tests
with php -S internal server on development servers.
Ref T417.