[25.0.0-rc.1] regression: CLI leaves behind plugin socket mount-points

[thaJeztah]

Description

The plugin-sockets added in #4599 appear to be leaving behind mount-points

Reproduce

Create an empty directory, and run a command that executes a plugin;

mkdir -p myproject && cd myproject

docker buildx version
github.com/docker/buildx v0.12.0-desktop.2 c5a13b51c1ae9358eb691e9a21c955590e26d0a0

Check the content of the directory;

ls -l
srwxr-xr-x  1 thajeztah  staff   0 Jan 12 10:51 @docker_cli_43243a8d-599e-4844-a193-b617dc5cd222

When building without BuildKit enabled, these also cause warnings to be printed as they end up in the local directory (which usually is the build-context);

DOCKER_BUILDKIT=0 docker build --no-cache -f- . <<'EOF'
FROm alpine
EOF

DEPRECATED: The legacy builder is deprecated and will be removed in a future release.
            BuildKit is currently disabled; enable it by removing the DOCKER_BUILDKIT=0
            environment-variable.

ERRO[0000] Can't add file /Users/thajeztah/Projects/myproject/@docker_cli_43243a8d-599e-4844-a193-b617dc5cd222 to tar: archive/tar: sockets not supported
Sending build context to Docker daemon  1.583kB
Step 1/1 : FROm alpine
 ---> 34871e729050
Successfully built 34871e729050

Expected behavior

No response

docker version

docker version
Client:
 Cloud integration: v1.0.35+desktop.7
 Version:           25.0.0-rc.1
 API version:       1.44
 Go version:        go1.21.5
 Git commit:        8812e0a
 Built:             Thu Jan  4 16:27:00 2024
 OS/Arch:           darwin/arm64
 Context:           desktop-linux

docker info

not relevant

Additional Info

We should also check what happens if a plugin would run a container that bind-mounts the current directory. For example, if Docker Compose runs a container, and bind-mounts the directory, it would likely bind-mount the socket into the container (with all possible fun consequences of that?)