aerc: backport an upstream patch for handling of attachments' filenames

The patch is not part of a tagged release yet so we apply it selectively
instead of upgrading whole aerc. While it is originally presented as
a usability problem only for attachments with absolutes filepaths (they
fail to open), there is nothing stopping you from putting a relative
path in there therefore forcing aerc to overwriting any path on the host
system with sender chosen data. It's been marked as CVE-2025-49466

I decided to inline the patches into nixpkgs as they are very short and
the current bot protection of git.sr.ht complicates patch fetching.

0 files changed, 0 insertions, 0 deletions