Log4j: Sanitize Log Parameters Created from User Input

[lastzero]

Even though PhotoPrism is not directly affected by the Log4j debacle:

• Log messages may contain parameters created from user input like photo & album titles
• We should do our best to remove potentially problematic strings

More information on the Apache Log4j vulnerability:

• https://blog.malwarebytes.com/exploits-and-vulnerabilities/2021/12/log4j-zero-day-log4shell-arrives-just-in-time-to-ruin-your-weekend/
• https://www.cve.org/CVERecord?id=CVE-2021-44228
• https://logging.apache.org/log4j/2.x/security.html

[lastzero]

Released! Please report any unintended side effects so that we can improve the input validation if needed 👍