Choose and follow a unified strategy for responding to disk storage errors.
When we are unable to write a file to disk, what should we do?
Should we retry these errors? Should we exit the relevant subsystem with a fatal error? Should we just shut down?
And does it depend on what failed? Should we retry on disk-full, but exit on permissions failures?
Whatever we decide, it would probably be a good idea to do this uniformly. Look for TODO (#1226)
for places where we would apply such a decision.
Edited by Nick Mathewson