filter the trigger for valid characters

Paul Geversrequested to merge
elbrus/debci:bts-902337-validate-triggers into master

The trigger string is escaped properly everywhere except when it is returned from the amqp queue. It is therefor susceptible for command line injection. Let's only allow the characters explicitly, i.e. valid package names, valid version strings, upper case letters, / (britney uses it to separate the package name from its version), _ (as a replacement for the space) and , (which I want to use to separate multiple triggers in the near future).

Closes: #902337

@terceiro I'm not sure this is all proper ruby style. I worry mostly about the way to return/exit in job.rb but as this is the place where the command goes to the queue I didn't want to leave out the check there.

Merge request reports