GLib provides a parser called GMarkup, which implements a subset of XML.
Application names may contain XML metacharacters, such as "<" and "&".
These must be escaped to prevent XML injection, but the app menu didn't
do that.

The GMarkup documentation explicitly states that GMarkup must not be
used to parse untrusted input [1].  Therefore, parsing malicious markup
may have undefined results.  Fortunately, there is no security problem
because the only allowed character with special meaning in XML is "&"
and ";" is not allowed.  Therefore, there is no way to create a valid
XML entity or inject tags.  The worst that can happen is the creation of
ill-formed markup that that GLib rejects.

This patch also addresses a URL construction bug: filenames need to be
URL-encoded in file:// URLs.

[1]: https://github.com/GNOME/glib/blob/3304a517d9a7bdbb52d60394fdae6f9903f0f4f3/glib/gmarkup.c#L50-L51

fixes: QubesOS/qubes-issues#9611

The 'xdg' module is imported, so add it also to dependencies.

The 'xdg' module is imported, so add it also to dependencies.

It used to be pulled by something else in the CI environment, but it
seems it isn't anymore.

This adds Wayland support on compositors that support the
wlr-layer-shell protocol, which includes KWin, Sway, COSMIC, niri, Mir,
GameScope, and Jay.  The only major compositors without support for
wlr-layer-shell are Mutter, which is generally only used by GNOME, and
Weston, which is not a general-purpose desktop compositor.

* origin/pr/51:
  Escape application names for GMarkup

* origin/pr/54:
  ci: depend on python3-pyxdg explicitly
  debian: add explicit dependency on python3-xdg
  rpm: add explicit depenency on pyxdg

* origin/pr/53:
  Wayland support via wlr-layer-shell

Pull request description:

This is almost completely working under Wayland.  To test, use a compositor that supports Layer Shell, such as KWin.  KWin can be spawned nested inside an X11 window, such as what Qubes OS provides.

Issues:

1. [x] The window is too short: fixed by explicitly setting the menu size every time the window is opened.
2. [x] The configuration options that control where the app menu appears did not work: fixed by explicitly checking for them and anchoring the window to the correct corner
3. [x] Tests code was included in the production script: I moved the test code to my own local branch.
4. [ ] `mouse` mode is interpreted as `bottom-left` (KDE) or `top-left` (otherwise): will be fixed by providing mouse information via IPC.

Fixes QubesOS/qubes-issues#9600