Sanitize attachment filenames

[selfhoster1312]

We should make sure:

• a filename is valid UTF-8
• a filename does not exceed X bytes to it's valid on all filesystems
• a filename does not contain slashes, or other funky characters

Right now we're doing nothing of the sort and it's fantastic that this hasn't produced more bugs and exploitation in the wild.

[selfhoster1312]

So i actually misread the code we do perform some form of validation by removing any non-ASCII character as defined in this regex. This is only applied to the non-extension part of the filename, so an extension may still contain funky business.

This is a little restrictive but i think that's OK (at least for now). But we don't check the filename length. This should be an easy fix.

Side-note for performance: the regex is evaluted on every incoming message, even when there no files i believe. Compiling regexes in a tight loop is a big no no for performance. We should store it in a kind of global variable, or in every gateway, compiled once on startup.

[selfhoster1312]

So it looks like initial filename sanitation was "only" to avoid spaces in URLs: 42wim#416

Maybe it's safer to sanitize the extension, too. And when we finally get user reports about UTF-8 filenames we can investigate how to sanitize that properly.