Prior to this commit, the `PathResourceResolver` would check several
things before resolving static resources:
* make sure that the resolved resource is under an authorized location
* make sure that the whole resource path does not contain illegal chars
(combinations of URL encoded "%" chars and "../" path traversal)
In some cases, those checks may be too strict and limit legal usage like
1) configuring a static location such as "file: ../client-module/src"
2) trying to resolve an NPM-versioned resource like
This commit performs the invalid character checks on the incoming
resource path only, considering that the configured location path is
trusted by the user. The location checks are still performed.