abort on suspicious ref names

(and the other Dan Carpenter finding too, while we're about it!)

Note that neither of these is an actual issue, (and even less likely now
that gitolite is pure perl and no shell metas used) but it's just
playing safe.

src/gitolite-shell

@@ -45,6 +45,10 @@ sub in_http {
 }
 
 sub in_ssh {
+    $ENV{SSH_ORIGINAL_COMMAND} ||= '';
+    my $soc = $ENV{SSH_ORIGINAL_COMMAND};
+    $soc =~ s/[\n\r]+/<<newline>>/g;
+    _die "I don't like newlines in the command: $soc\n" if $ENV{SSH_ORIGINAL_COMMAND} ne $soc;
 }
 
 # ----------------------------------------------------------------------