Security fix: Resolve sanitizePath not eliminating .. from paths. This affects
users of sanitizePath and sanitizePathIfNotUrl from Network.Gopher.Util.
This issue only affects the spacecookie library, not the spacecookie server
daemon since a separate check would prevent it from handling such malicious
requests (which delayed the discovery of this bug). It is probably wise to
upgrade either way.
Note that gophermap parsing behavior is unchanged, i.e. it just normalises
paths, even though makeGophermapFilePath used to call sanitizePath in
previous versions. This is due to the assumption that gophermaps come from a
trusted source and/or paths produced from gophermap parsing aren't used to
access files directly, i.e. those paths are only served to clients (whose later
requests are subject to selector sanitization) as selectors in menus. If those
assumptions don't hold for your code, you will need to further sanitize the
paths returned from gophermapToDirectoryResponse.
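
One way to do that further sanitization before a path is used to open a file, as an added example that is not spacecookie's own code: it rejects any path containing a .. component rather than trying to eliminate it. The helper name resolveBelow, the root directory and the sample paths are assumptions made up for illustration; only functions from System.FilePath are used.

```haskell
module Main (main) where

import System.FilePath (isPathSeparator, joinPath, splitDirectories)

-- | Hypothetical helper (not part of spacecookie): map an untrusted,
-- selector-like path to a file below @root@. Any ".." component causes
-- rejection; "." components and leading separators are dropped.
-- Symlinks inside @root@ are not resolved here.
resolveBelow :: FilePath -> FilePath -> Maybe FilePath
resolveBelow root untrusted
  | ".." `elem` parts = Nothing
  | otherwise         = Just (joinPath (root : kept))
  where
    -- splitDirectories keeps ".." and "." as separate components and
    -- collapses repeated separators between components.
    parts = splitDirectories untrusted
    -- Drop "." and the leading separator component so the result is
    -- always built relative to root.
    kept  = filter (\p -> p /= "." && not (all isPathSeparator p)) parts

main :: IO ()
main = mapM_ check samples
  where
    root = "/srv/gopher"  -- constructed root directory
    samples =             -- constructed inputs
      [ "/docs/about.txt"
      , "docs/./about.txt"
      , "//docs//about.txt"
      , "/../secret.txt"
      , "docs/../../secret.txt"
      ]
    check p = putStrLn (show p ++ " -> " ++ show (resolveBelow root p))
```

Callers treat Nothing as a refused request instead of falling back to the original path.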