dulwich: sanitize commit subjects in format_patch to prevent path traversal
What changed
dulwich.porcelain.format_patch and dulwich format-patch CLI now sanitize commit subjects. get_summary only replaced spaces with dashes; now it mirrors git's format_sanitized_subject: keeps only [A-Za-z0-9._], collapses other characters and consecutive dots to a single dash/dot, strips trailing dots/dashes, and limits length.
Who it affects
Users of dulwich who call porcelain.format_patch or the format-patch CLI with untrusted commits, e.g., services processing user-supplied repositories or pull requests.
What to do today
Upgrade to Dulwich 1.2.5 or apply workarounds: use stdout=True and control the destination, validate the resolved path against outdir, or pre-screen commit subjects for unsafe characters.
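The sanitization rule described under "What changed" and the "validate the resolved path against outdir" workaround, as an added Python example that is not Dulwich's own code. It assumes a 64-character cap, since the advisory gives no number, and uses a constructed hostile subject as input.

```python
import os

# Assumed cap on the sanitized subject: the advisory says the length is limited
# but gives no number, so this default is this example's assumption.
DEFAULT_MAX_LEN = 64

def legacy_summary(subject: str) -> str:
    """Pre-1.2.5 behaviour described above: only spaces become dashes."""
    return subject.replace(" ", "-")

def sanitize_subject(subject: str, max_len: int = DEFAULT_MAX_LEN) -> str:
    """Mirror git's format_sanitized_subject(): keep [A-Za-z0-9._], turn each
    run of other characters into one '-' (never a leading one), collapse runs
    of '.', strip trailing '.'/'-', then cap the length."""
    out = []
    pending_dash = False  # a run of rejected characters is waiting to become '-'
    i = 0
    while i < len(subject):
        ch = subject[i]
        if ch.isascii() and (ch.isalnum() or ch in "._"):
            if pending_dash and out:
                out.append("-")
            pending_dash = False
            out.append(ch)
            if ch == ".":  # swallow the rest of a run of dots
                while i + 1 < len(subject) and subject[i + 1] == ".":
                    i += 1
        else:
            pending_dash = True
        i += 1
    return "".join(out).rstrip(".-")[:max_len]

def escapes_outdir(outdir: str, name: str) -> bool:
    """True if outdir/name resolves to a location outside outdir."""
    root = os.path.realpath(outdir)
    target = os.path.realpath(os.path.join(root, name))
    return os.path.commonpath([root, target]) != root

def patch_path(outdir: str, number: int, subject: str, suffix: str = ".patch") -> str:
    """Build a git-style 'NNNN-<subject>.patch' under outdir, refusing escapes."""
    name = "%04d-%s%s" % (number, sanitize_subject(subject), suffix)
    # Defence in depth (the second workaround above): the sanitizer should make
    # an escape impossible, but the resolved path is checked regardless.
    if escapes_outdir(outdir, name):
        raise ValueError("patch filename escapes %s: %r" % (outdir, name))
    return os.path.join(outdir, name)

if __name__ == "__main__":
    subj = "../../etc/cron.d/evil"  # constructed hostile commit subject
    print(escapes_outdir("/tmp/patches", legacy_summary(subj)), patch_path("/tmp/patches", 1, subj))
```

Running the block shows the legacy dash-for-space summary resolving outside the output directory while the sanitized name stays inside it.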