[core] Validate proposed file extensions

[dirkf]

Boilerplate: yt-dlp/own code, fix

## Please follow the guide below

• You will be asked some questions, please read them carefully and answer honestly
• Put an x into all the boxes [ ] relevant to your pull request (like that [x])
• Use Preview tab to see how your pull request will actually look like

---

Before submitting a pull request make sure you have:

• Searched the bugtracker for similar pull requests
• Read adding new extractor tutorial
• Read youtube-dl coding conventions and adjusted the code to meet them
• Covered the code with tests (note that PRs without tests will be REJECTED)
• Checked the code with flake8

In order to be accepted and merged into youtube-dl each piece of code must be in public domain or released under Unlicense. Check one of the following options:

• I am the original author of this code and I am willing to release it under Unlicense, except for code from yt-dlp for which this or the below has already been asserted
• I am not the original author of this code but it is in public domain or released under Unlicense (provide reliable evidence)

What is the purpose of your pull request?

• Bug fix
• Improvement
• New extractor
• New feature

---

Description of your pull request and other information

This PR adds validation of file extensions processed by yt-dl

1. against a white-list of expected extensions (unpublicised --no-check-extensions disables this, CLI only)
2. to exclude path separators in a site-supplied extension that could enable path traversal under vulnerable OSes (Windows, eg).

The PR is derived from https://github.com/yt-dlp/yt-dlp-ghsa-79w7-vh3h-8g4j/pull/1.

Thanks:

• @Grub4K for the PR
• @pukkandan for the original report
• @JarLob for a further report and for additional testing.

[eyaler]

@dirkf saving a video file without an extension is a practice which may be used for having a format-agnostic filename. this change breaks multiple scripts with this behavior. please consider reverting the behavior to allow no extension

[dirkf]

Please open a support issue showing an example with verbose log and explaining what you think should happen instead.

Possible work-arounds for CLI:

• use --exec ... to rename away an unwanted extension
• use --no-check-extensions

For API, try similar approaches to that in e15101c (__init__.py) or the equivalent in yt-dlp (_UnsafeExtensionError.sanitize_extension = lambda x, **kw: x).