CVE-2026-47712: Dulwich doesn't sanitize commit subjects in `porcelain.format_patch`
`dulwich.porcelain.format_patch(outdir=…)` derives each patch filename from the commit's subject line. Prior to this fix, `get_summary` only replaced spaces with dashes; path separators (`/`, `\`), parent-directory components (`..`), and other filename-hostile characters (e.g. `:`) were preserved verbatim and passed straight into `os.path.join(outdir, f"{i:04d}-{summary}.patch")`.
A malicious commit subject could therefore direct the generated patch file outside the requested `outdir`. Reduced examples:
- `x/../../x` produced `/0001-x/../../x.patch`, resolving two directories above `outdir`.
- `x\..\..\x` produced the equivalent escape on Windows, where `\` is also a path separator.
Related issues from the same root cause:
- Subjects containing characters that are illegal in Windows filenames (e.g. `:`) caused `format_patch` to fail outright on Windows, where git would have succeeded.
- Very long subjects produced excessively long filenames that could exceed filesystem limits; git truncates them.
Anyone calling `porcelain.format_patch` (or the `dulwich format-patch` CLI) against untrusted commits - for example, a service that runs format-patch over user-supplied repositories or pull requests - could have patch files written to attacker-chosen locations within the process's write permissions.
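As an added illustration (not Dulwich's own code), the following shows how a caller can derive a filename-safe summary from a commit subject and verify the joined path stays inside `outdir`; `safe_summary`, `patch_path`, `legacy_name_escapes` and the 52-character bound are assumptions for this example, not Dulwich identifiers.

```python
import os
import re

# Assumed bound for this example; the advisory only states that git truncates.
MAX_SUMMARY_LEN = 52
# Anything outside this set (spaces, ':', '*', etc.) collapses to a dash.
_UNSAFE = re.compile(r"[^A-Za-z0-9._-]+")


def safe_summary(subject: str) -> str:
    """Hypothetical hardened counterpart of get_summary: strip separators,
    parent-directory components and hostile characters, then truncate."""
    # Split on both '/' and '\' so '..' components cannot survive intact.
    parts = re.split(r"[/\\]+", subject)
    parts = [p for p in parts if p not in ("", ".", "..")]
    cleaned = _UNSAFE.sub("-", "-".join(parts)).strip(".-")
    cleaned = cleaned[:MAX_SUMMARY_LEN].rstrip(".-")
    return cleaned or "patch"


def patch_path(outdir: str, index: int, subject: str) -> str:
    """Build <outdir>/<index>-<summary>.patch and refuse any path that
    resolves outside outdir (defence in depth on top of sanitisation)."""
    name = f"{index:04d}-{safe_summary(subject)}.patch"
    base = os.path.realpath(outdir)
    target = os.path.realpath(os.path.join(base, name))
    if os.path.commonpath([base, target]) != base:
        raise ValueError(f"patch path escapes outdir: {target!r}")
    return target


def legacy_name_escapes(subject: str) -> bool:
    """Model the pre-fix behaviour (spaces -> dashes only) and report whether
    the resulting filename contains a separator or a '..' component. Useful
    for auditing existing commit subjects before running an unpatched tool."""
    legacy = subject.replace(" ", "-")
    components = re.split(r"[/\\]", legacy)
    return len(components) > 1 or ".." in components


if __name__ == "__main__":
    # Constructed sample subjects, including the advisory's reduced examples.
    for subj in ("x/../../x", "x\\..\\..\\x", "Fix bug: handle NUL", "../.."):
        print(f"{subj!r:24} legacy_escape={legacy_name_escapes(subj)!s:5} "
              f"-> {os.path.basename(patch_path('out', 1, subj))}")
```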