
quarantine: Fix calling RPCs with manual object quarantine environments

Patrick Steinhardt requested to merge pks-quarantine-object-directory-path into master

Quarantine directories are created in the storage's temporary directory, where the basename of the directory will have a simple "repo" prefix padded by a number of random bytes. With this generic prefix, it is impossible to tell whether a given quarantine directory does belong to a specific repository or not, so right now we'd have to assume that every quarantine directory may belong to any repository.

This poses a problem though: GetObjectDirectoryPath() verifies if a given object directory path does indeed belong to the repository it's given. This check is quite simple at the moment: we verify whether the object directory is located beneath the repository path. In the context of manual object quarantine directories, which are created in the temporary directory of a storage, this obviously falls apart given that it's now not contained in there anymore. To fix this, we thus must also allow object directories which are located in this temporary directory. But because we cannot determine whether such a directory belongs to the repository at hand, this would weaken our current protections.

To fix this, we now start to use a repository-specific prefix in the temporary directory. This prefix is simply the first 8 bytes of the hash of the repository's relative path, prefixed with "quarantine-". Like this, we can tell (within a certain but small window of error) whether a given quarantine directory belongs to a specific repository or not by comparing the prefix with the prefix as computed from that repo's relative path.

With this knowledge at hand, we then change GetObjectDirectoryPath() to also regard object directory paths as valid for the given repository in case it has the repo's quarantine directory path as a prefix.

Part of #3691 (closed)
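The following is an added example, not code from this merge request or from Gitaly, showing the shape of the check the description outlines: an object directory is accepted either when it is located beneath the repository, or when it is a quarantine directory in the storage's temporary directory whose basename starts with the repository-specific prefix. The hash function (SHA-256), the hex encoding of its first 8 bytes, the temporary directory name `+gitaly/tmp`, the storage and repository paths, and the function names `quarantinePrefix`, `relBelow` and `validateObjectDirectory` are all assumptions made for this example; the description only says "the first 8 bytes of the hash of the repository's relative path, prefixed with 'quarantine-'".

```go
package main

import (
	"crypto/sha256"
	"encoding/hex"
	"fmt"
	"path/filepath"
	"strings"
)

// tmpDirName is an assumed name for the storage's temporary directory.
const tmpDirName = "+gitaly/tmp"

// quarantinePrefix derives the repository-specific prefix for quarantine
// directories. SHA-256 and hex encoding of the first 8 bytes are assumptions
// for this example; the MR text only says "the hash".
func quarantinePrefix(repoRelativePath string) string {
	sum := sha256.Sum256([]byte(repoRelativePath))
	return "quarantine-" + hex.EncodeToString(sum[:8])
}

// relBelow returns the path of target relative to dir and reports whether
// target is dir itself or a descendant of dir. Both paths are cleaned first,
// so a "..", component in target cannot escape dir while still passing.
func relBelow(dir, target string) (string, bool) {
	rel, err := filepath.Rel(filepath.Clean(dir), filepath.Clean(target))
	if err != nil {
		return "", false
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", false
	}
	return rel, true
}

// validateObjectDirectory checks whether objectDir may serve as an object
// directory for the repository at storagePath/repoRelativePath: either it is
// located beneath the repository, or it is inside a quarantine directory in
// the storage's temporary directory that carries this repository's prefix.
func validateObjectDirectory(storagePath, repoRelativePath, objectDir string) error {
	repoPath := filepath.Join(storagePath, repoRelativePath)
	if _, ok := relBelow(repoPath, objectDir); ok {
		return nil
	}

	tmpDir := filepath.Join(storagePath, tmpDirName)
	rel, ok := relBelow(tmpDir, objectDir)
	if !ok || rel == "." {
		return fmt.Errorf("object directory %q is outside repository %q", objectDir, repoRelativePath)
	}

	// The quarantine directory is the first component below tmpDir. Its name
	// is the prefix padded with random bytes, so a prefix match is the check.
	first := strings.SplitN(rel, string(filepath.Separator), 2)[0]
	if !strings.HasPrefix(first, quarantinePrefix(repoRelativePath)) {
		return fmt.Errorf("quarantine directory %q does not belong to repository %q", first, repoRelativePath)
	}
	return nil
}

func main() {
	// Constructed sample paths; nothing here touches the filesystem.
	const storage = "/var/opt/gitlab/git-data/repositories"
	const repo = "@hashed/aa/bb/aabb.git"
	const other = "@hashed/cc/dd/ccdd.git"

	cases := []string{
		filepath.Join(storage, repo, "objects"),
		filepath.Join(storage, tmpDirName, quarantinePrefix(repo)+"-a1b2c3d4", "objects"),
		filepath.Join(storage, tmpDirName, quarantinePrefix(other)+"-a1b2c3d4", "objects"),
		filepath.Join(storage, repo, "..", "..", "..", "..", other, "objects"),
	}
	for _, c := range cases {
		fmt.Printf("%s: %v\n", c, validateObjectDirectory(storage, repo, c))
	}
}
```

Two properties of the check are worth noting. First, the prefix comparison only establishes that the quarantine directory was derived from the same relative path within the collision window of a truncated hash, which is the "small window of error" the description mentions; it is not proof of ownership. Second, cleaning both paths before the relative-path test means an object directory path that uses `..` to point at another repository is rejected rather than being matched on its raw string prefix.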
