filter out control characters in warning messages

Converted warning and similar to use StringContainingQuotedPath. Most
warnings are static strings, some do refer to filepaths that need to be
quoted, and others don't need quoting.

Note that, since quote filters out control characters of even
UnquotedString, this makes all warnings safe, even when an attacker
sneaks in a control character in some other way.

When json is being output, no quoting is done, since json gets its own
quoting.

This does, as a side effect, make warning messages in json output not
be indented. The indentation is only needed to offset warning messages
underneath the display of the file they apply to, so that's ok.

Sponsored-by: Brett Eisenberg on Patreon

Assistant/Threads/SanityChecker.hs

@@ -127,7 +127,7 @@ sanityCheckerDailyThread urlrenderer = namedThread "SanityCheckerDaily" $ foreve
 		return r
 
 	showerr e = do
-		liftAnnex $ warning $ show e
+		liftAnnex $ warning $ UnquotedString $ show e
 		return False
 
 {- Only run one check per day, from the time of the last check. -}
@@ -198,7 +198,7 @@ dailyCheck urlrenderer = do
 	toonew timestamp now = now < (realToFrac (timestamp + slop) :: POSIXTime)
 	slop = fromIntegral tenMinutes
 	insanity msg = do
-		liftAnnex $ warning msg
+		liftAnnex $ warning (UnquotedString msg)
 		void $ addAlert $ sanityCheckFixAlert msg
 	addsymlink file s = do
 		Watcher.runHandler Watcher.onAddSymlink file s