Fix building to work with symlink to system tar in bosh bin dir

[KauzClay]

• copy system tar to bosh bin, stemcell building process Protect_Dir behavior didn't like the symlink I added in Symlink to old tar for backwards compatibility #101.
• I believe this is because the cacls/icacls commands in Protect-Dir and Protect-Path would try to follow that link into C:\Windows\System32, and messing with ACLs on that dir wasn't a good idea.
• I tried using the /L flag on cacls/icacls so that it would just stop at the link, but this led to some issues with the ACLs on the other linked dirs (var\vcap\data, var\vcap\sys, etc). Basically, we would see that anything added in the var\vcap\packages or var\vcap\sys would still have ACLS for BUILTIN\Users. I'm thinking that the existing implementation expects to be able to traverse links, which in the case of the data dir would be fine. Tried to get things working by messing with various cacls/icacls flags for inheritance, but after burning a couple days on it, decided it wasn't worth more effort. I think if we really wanted to do this, we'd have to add more granular ways to set permissions on things. But, considering we're gonna rip this out in the future anyway, I'm not sure it is worth it.
• I left some a comment explaining why that line is there, and then I'll squash this but leave a pretty thorough commit message. Hopefully that is enough to remind future us what this was for and what the criteria for removing it are

[KauzClay]

cacls has a /l flag that could be used to allow symlinks also, might be worth trying out instead copying (docs)

[aramprice]

Looks good to me... the "skip_cleanup": ${SKIP_CLEANUP} code seems unrelated though, is this meant to be here?