mrdialog
Sanitize arguments/safer command execution
As the user of the library is unaware of how the dialog commands are executed, it is not easy to sanitize the input so that exploits are not possible. For example, using Shellwords doesn't work.
I ran into issues where the user can input something that results in a string that contains, for example, `..."; /bin/sh ...`. When passed to `#yesno` the user is dropped into the shell with some dialog error message.
Example:
```console
$ ruby -rmrdialog -e 'MRDialog.new.yesno("foo: \"; /bin/sh\n", 0, 0); puts "bar"'
Error: Expected at least 3 tokens for --yesno, have 1.
Use --help to list options.
$
```
I had to look into the code to see that I should escape the double quotes in the arguments, but mrdialog could just as well have used single quotes or, much safer, an argument array for `system`.
It would be best if mrdialog did the sanitization instead of the developer so that it corresponds with the way it calls the command, or if mrdialog just plain switches to array arguments.
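The difference between the two invocation styles discussed in this issue, as an added example that is not mrdialog's own code: a command built as one string is handed to /bin/sh, while an argument array is passed straight to execve. `printf` stands in for the `dialog` binary so the example runs anywhere, and the injected command is a harmless `echo` rather than the `/bin/sh` from the report.

```ruby
require "open3"

# Stand-in for the dialog binary (an assumption for this example): printf
# prints each argument it receives in brackets, so the argv is visible.
STAND_IN = "printf"

# Simplified model of a string-built invocation (not mrdialog's actual
# code): the box text is interpolated into a double-quoted shell word.
def run_string_form(text, height, width)
  cmd = "#{STAND_IN} '[%s]' --yesno \"#{text}\" #{height} #{width}"
  out, _status = Open3.capture2e(cmd)   # one string => /bin/sh parses it
  out
end

# Array form: each element is one argv entry, no shell is ever involved,
# so quotes and semicolons in `text` are just bytes of a single argument.
def run_array_form(text, height, width)
  argv = [STAND_IN, "[%s]", "--yesno", text, height.to_s, width.to_s]
  out, _status = Open3.capture2e(*argv) # array => execve directly
  out
end

# Constructed payload: closes the double quote early, appends a second
# command, then reopens a quote so the trailing "0 0" stays syntactically valid.
PAYLOAD = "foo\"; echo INJECTED; echo \""

if __FILE__ == $0
  puts run_string_form(PAYLOAD, 0, 0)  # INJECTED appears: shell ran it
  puts run_array_form(PAYLOAD, 0, 0)   # payload is one literal argument
end
```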