Pass parameters for shell function call using an array rather than (unquoted) string substitution

[ntninja]

Description of the issue/feature this PR addresses:
Modoboa assembles strings for shell commands using string substitution without quoting the parameters, leading, at least potentially (I haven't checked), to vulnerabilities (shell injection).

Current behavior before PR:
Assembling shell parameter lists was broken.

Desired behavior after PR is merged:
Assembling shell parameter lists should not be vulnerable to shell injection attacks.

[codecov]

Codecov Report

Merging #1608 into master will decrease coverage by 0.01%.
The diff coverage is 66.66%.

@@            Coverage Diff             @@
##           master    #1608      +/-   ##
==========================================
- Coverage   86.29%   86.28%   -0.02%     
==========================================
  Files         143      143              
  Lines        7560     7561       +1     
==========================================
  Hits         6524     6524              
- Misses       1036     1037       +1

[ntninja]

I fixed the dumb codestyle checker and the bug reported by the CI. Codecov is wrong on its claim however, as there is no coverage change because of this patch: https://codecov.io/gh/modoboa/modoboa/pull/1608/diff

[ntninja]

Bump

[tonioo]

I don't think it's a good idea to change this value since you did not modify commands to include absolute pathes. If you disable shell mode, PATH resolution won't be available, right?

[tonioo]

@Alexander255 Could you add a unit test? I don't want your PR (which is useful) to decrease the global coverage ;)