misc/specialisation: escape specialisation name

[ToborWinner]

The specialisation name is included in home.extraBuilderCommands without being properly escaped and checked. This commit fixes that.

Description

The specialisation name is currently not escaped when included in the command to create the symlink in home.extraBuilderCommands. This PR properly escapes it and adds an assertion to ensure it does not contain a forward slash.

This PR, for example, prevents people from running commands through the specialisation name:

home-manager.users.tobor.specialisation."test && echo 'test' > $out/test.txt".configuration = { };

After rebuilding, the test.txt file is present in the built derivation:

❯ cat .local/state/home-manager/gcroots/current-home/test.txt
test

Note: specialisation.nix was probably implemented by copying how it works in nixpkgs, which currently has the same problem. I will probably submit a PR in nixpkgs later too.

Checklist

• Change is backwards compatible.

• Code formatted with ./format.

• Code tested through nix-shell --pure tests -A run.all
  or nix build --reference-lock-file flake.lock ./tests#test-all using Flakes.

• Test cases updated/added. See example.

• Commit messages are formatted like

  {component}: {description}
  
  {long description}
  

  See CONTRIBUTING for more information and recent commit messages for examples.

• If this PR adds a new module

  • Added myself as module maintainer. See example.

Maintainer CC

[ToborWinner]

The check failure seems to have nothing to do with my PR (nushell is failing because of a hash mismatch).

[ToborWinner]

I'm pretty new to PRs, so I don't know if I resolved the conversation properly (I don't think it gave you the contribution? Not sure how I should have handled that), so let me know if I did anything wrong. Thank you for the suggestion.

[ToborWinner]

I pushed no changes, I just wanted the tests to pass after the nushell test was fixed.