Kicad-cli: sym export svg writes to unsanitized file name

Description

Some manufacturers have characters that are not permitted in file paths in their MPNs. When exporting the symbol of such a part (MCP4728-E/UN) to svg, I get the following output and (for obvious reasons) no svg-file:

Unable to open destination 'mcp4728-e/un.svg'
Plotting symbol 'MCP4728-E/UN' to 'mcp4728-e/un.svg'

Expected behavior: Filenames should be sanitized before trying to write to disk.

P.S.: I also attempted this with a LIBRARY_ID of '../MCP4728-EUN' and got (as feared) the following output:

Plotting symbol '../MCP4728-EUN' to '../mcp4728-eun.svg'

This makes it pretty dangerous to use this in a CI environment, as a malicious file could be introduced to overwrite arbitrary files that the current user has access to.

Steps to reproduce

1. Create a .kicad_sym-file with a LIBRARY_ID that contains e.g. /
2. Run kicad-cli-nightly sym export svg $FILENAME (or kicad-cli if compiled from source)
3. Get the error as described above

KiCad Version

Application: KiCad x86_64 on x86_64

Version: 7.99.0-unknown-aab0696bb6~172~ubuntu22.04.1, release build

Libraries:
        wxWidgets 3.2.1
        FreeType 2.11.1
        HarfBuzz 2.7.4
        FontConfig 2.13.1
        libcurl/7.81.0 OpenSSL/3.0.2 zlib/1.2.11 brotli/1.0.9 zstd/1.4.8 libidn2/2.3.2 libpsl/0.21.0 (+libidn2/2.3.2) libssh/0.9.6/openssl/zlib nghttp2/1.43.0 librtmp/2.3 OpenLDAP/2.5.16

Platform: Ubuntu 22.04.3 LTS, 64 bit, Little endian, wxGTK, X11, ubuntu, wayland

Build Info:
        Date: Sep 26 2023 16:04:59
        wxWidgets: 3.2.1 (wchar_t,wx containers) GTK+ 3.24
        Boost: 1.74.0
        OCC: 7.5.2
        Curl: 7.81.0
        ngspice: 40
        Compiler: GCC 11.4.0 with C++ ABI 1016

Build settings: