Better validation for input/output paths

• Doc Kit 0.5 now uses an additional regex charclass_files_strict to try to avoid writing to out-of-scope output paths on the user's machine. However, it does not quite protect against enough cases.
  ../ is caught at the beginning of the string but will not be caught, e.g. after a leading ./ or within some/path/../../../../../now/we/are/very/far/up.
  There may be other issues I did not think about.

• For the input paths, we use charclass_files_relaxed and that intentionally allows a leading ../, however, even there, we still should not allow e.g. ../../ because then we're outside the repo and it does not make sense anymore.