[#149] Prevent path traversal
The web server did not prevent users from using ".." to traverse down a path.
Code changed in %ydbwebapi, with a small change in %ydbwebrsp that
fixes error messages doubling up, which was now found and fixed since
it added a 404 not found error on top of the 403 forbidden error.
All test cases including URL-encoded and Unicode-encoded path traversal
attempts in new test tPathTraversal.