Unrated severity · NVD Advisory · Published May 10, 2021 · Updated Aug 3, 2024

Remote code execution in ticketer

CVE-2021-29501

Description

Ticketer is a command-based ticket system cog (plugin) for the Red Discord bot. A vulnerability allowing Discord users to expose sensitive information has been found in the Ticketer cog. Please upgrade to version 1.0.1 as soon as possible. As a workaround, users may unload the Ticketer cog to disable the exploitable code.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Vulnerability mechanics

Root cause

"Unsanitized user-controlled format string passed to Python's `str.format()` with a `discord.Member` object allows attribute access and information disclosure."

Attack vector

A Discord user with permission to use the `message` command can set a ticket message template containing Python format string placeholders like `{user.id}`, `{user.discriminator}`, or `{user.guild.id}`. When a ticket is subsequently created, the template is formatted with an object representing the ticket creator. In patched versions this is a `SafeMember` wrapper; before the patch it is the raw `discord.Member` object, so the placeholders resolve to real attributes and leak sensitive information such as user IDs, discriminator tags, guild IDs, or other member properties. The attack requires the user to have access to the `message` command and for another user to trigger ticket creation.

Affected code

The vulnerability is in the `Ticketer` cog's `message` and `create` commands. The `message` command at line 86 and the `create` command at line 247 both call Python's `str.format()` on a user-supplied message template, passing `ctx.author` directly. This allows an attacker to access arbitrary attributes of the `discord.Member` object through format string syntax. The patch introduces a `SafeMember` wrapper class (lines 374-385) that restricts attribute access to only `.name` and `.mention`, returning an empty string for any other attribute access.

What the fix does

The patch replaces direct use of `ctx.author` (a `discord.Member` object) with a `SafeMember` wrapper in both the `message` command (line 87) and the `create` command (line 248). The `SafeMember` class (lines 374-385) exposes only `.name` and `.mention` attributes and overrides `__getattr__` to return an empty string for any other attribute access. This prevents an attacker from using format string placeholders to leak arbitrary member attributes like `id`, `discriminator`, or `guild` properties. The version is also bumped from 1.0.0 to 1.0.1.
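The two code paths side by side, as an added example that is not the Ticketer cog's own code: `FakeMember` and `FakeGuild` are constructed stand-ins for discord.py objects, the `render_*` functions and the fallback text are hypothetical, and `SafeMember` follows the description above. It goes one step beyond the advisory by catching the `AttributeError` that a chained placeholder such as `{user.guild.id}` raises once `user.guild` is an empty string.

```python
from dataclasses import dataclass


@dataclass
class FakeGuild:
    """Constructed stand-in for a guild object (not discord.py)."""
    id: int


@dataclass
class FakeMember:
    """Constructed stand-in for discord.Member, sample values only."""
    name: str
    mention: str
    id: int
    discriminator: str
    guild: FakeGuild


class SafeMember:
    """Wrapper as the advisory describes it: only name and mention."""

    def __init__(self, member):
        self.name = str(member.name)
        self.mention = str(member.mention)

    def __getattr__(self, name):
        # Reached only when normal lookup fails (anything but name/mention).
        return ""


def render_unsafe(template, member):
    """Pre-patch pattern: the raw member object reaches str.format()."""
    return template.format(user=member)


def render_safe(template, member, fallback="Ticket created."):
    """Post-patch pattern, plus handling for templates that fail to format."""
    try:
        return template.format(user=SafeMember(member))
    except (AttributeError, KeyError, IndexError, ValueError):
        # e.g. {user.guild.id}: user.guild is "", and "" has no attribute id
        return fallback


# Constructed sample member
MEMBER = FakeMember("alice", "<@1001>", 1001, "0042", FakeGuild(555))
```

With the wrapper, single-level placeholders other than `name` and `mention` render as empty strings, while chained ones fail to format and need the explicit fallback.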

Preconditions

  • auth: The attacker must have permission to use the `message` command in the Ticketer cog
  • input: Another user must create a ticket after the malicious message template is set

Generated on May 29, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
