Unsafe URL construction in the `CodeSnippets` cog

[decorator-factory]

Exploitation example:

<https://github.com/python/cpython/blob/main/../../../../users/octocat#L1>

(discord unhelpfully resolves the ..s)

The reason this is happening is this regex matching ../../../../users/octocat as the filename and then blindly substituting it into this URL template. .. in a URL has a similar meaning to UNIX file paths: the parent directory. So the resulting URL (https://api.github.com/repos/python/cpython/contents/../../../../users/octocat?ref=main) means the same as https://api.github.com/users/octocat?ref=main.

Not sure if there's a good fix for this besides just not allowing (\.|%2[eE]){2} in the URL. (Yes, .%2E and %2e%2E do both mean "parent directory", don't you love URI)