MicroCeph path traversal issue in the remote-import API
Description
Canonical MicroCeph versions from the squid and tentacle tracks are vulnerable to a path traversal issue in the remote-import API. Holders of a trusted cluster mTLS certificate (such as enrolled cluster members) or a join token can manipulate files in an imported remote cluster within the /var/snap/microceph confinement. This would allow daemon disruption and pollution of the cluster state.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability mechanics
Root cause
"Missing input validation on remote names in the remote-import API allows path-traversal characters to reach file write/delete operations."
Attack vector
An attacker who holds a trusted cluster mTLS certificate (e.g., an enrolled cluster member) or a valid join token can send a crafted HTTP request to the remote-import API with a remote name containing path-traversal sequences such as `../state`. Because the API previously did not validate the remote name, the traversal payload reaches file operations like `renderConfAndKeyringFiles` and `os.Remove`, allowing the attacker to write or delete files under `/var/snap/microceph`. This can disrupt Ceph daemons and corrupt cluster state. The attack requires network access to the MicroCeph API and valid cluster credentials [patch_id=6590900].
Affected code
The vulnerability resides in the remote-import API endpoints (`microceph/api/remote.go`) and the file-writing helpers (`microceph/ceph/configwriter.go`, `microceph/database/remote_extras.go`). The `cmdRemotePut`, `cmdRemoteGet`, and `cmdRemoteDelete` handlers lacked validation of remote names, allowing path-traversal characters such as `../` to reach `renderConfAndKeyringFiles` and `os.Remove` calls. The patch adds `validateRemoteName` and `validateRemoteImportRequest` functions that reject names containing `..`, `/`, or reserved words, and hardens `Config.WriteConfig` and `DeleteRemoteDb` with `filepath.IsLocal` checks.
What the fix does
The patch introduces `validateRemoteName` and `validateRemoteImportRequest` in `microceph/api/remote.go` to reject remote names that contain characters outside `[a-z0-9]`, include path separators (`/`), or match reserved names (`ceph`, `ganesha`, `radosgw`). It also adds `filepath.IsLocal` checks in `Config.validateConfigFile` (`microceph/ceph/configwriter.go`) and `DeleteRemoteDb` (`microceph/database/remote_extras.go`) to ensure that constructed file paths cannot escape the intended directory. The `ClusterNameRegex` is tightened to enforce a maximum length of 63 characters, and the `IsValidClusterName` helper is extracted to a reusable function. Together these changes prevent an authenticated attacker from writing or deleting files outside the `/var/snap/microceph` confinement via the remote-import API.
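The two layers described above (a name allow-list at the API and a `filepath.IsLocal` check where the path is built), as an added Go example that is not MicroCeph's own code. The function names `ValidateRemoteName` and `RemoteConfPath`, the `.conf` suffix and the base directory are assumptions for illustration.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
)

// Assumed pattern: lowercase alphanumerics only, 1 to 63 characters.
var remoteNameRe = regexp.MustCompile(`^[a-z0-9]{1,63}$`)

// Reserved names as listed in the advisory text.
var reserved = map[string]bool{"ceph": true, "ganesha": true, "radosgw": true}

// ValidateRemoteName is the API-layer check: allow-list first, then reserved words.
func ValidateRemoteName(name string) error {
	if !remoteNameRe.MatchString(name) {
		return fmt.Errorf("invalid remote name %q", name)
	}
	if reserved[name] {
		return fmt.Errorf("remote name %q is reserved", name)
	}
	return nil
}

// RemoteConfPath is the file-layer check: even if a caller skips
// ValidateRemoteName, the derived file name must be a single local element.
func RemoteConfPath(baseDir, name string) (string, error) {
	file := name + ".conf" // hypothetical naming scheme
	if !filepath.IsLocal(file) || filepath.Base(file) != file {
		return "", errors.New("remote file name escapes config directory")
	}
	return filepath.Join(baseDir, file), nil
}

func main() {
	base := "/var/snap/microceph/example-conf" // hypothetical directory
	// Constructed sample names: one valid, four that must be rejected.
	for _, n := range []string{"siteb", "../state", "a/b", "ceph", "Site-B"} {
		if err := ValidateRemoteName(n); err != nil {
			fmt.Println("rejected at API:", err)
			continue
		}
		p, _ := RemoteConfPath(base, n)
		fmt.Println("accepted:", p)
	}
}
```

`filepath.IsLocal` alone accepts `a/b.conf` because it stays under the base directory, which is why the file-layer check also compares against `filepath.Base`.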
Preconditions
- auth: Attacker must possess a trusted cluster mTLS certificate (e.g., enrolled cluster member) or a valid join token.
- network: Attacker must have network access to the MicroCeph API endpoint.
- config: The vulnerable remote-import API endpoint must be exposed and reachable.
Generated on Jun 19, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.