Report

CVE-2023-43115: Ghostscript IJS device skips SAFER path validation

ebafe611-203e-4a87-bad8-8bceaaca71cf

Ghostscript's IJS device (devices/gdevijs.c, gsijs_open) passes the user-controlled IjsServer string directly to ijs_invoke_server (fork+exec) and forwards the OutputFile (ijsdev->fname) to the IJS server with no gp_validate_path / SAFER check. Even with -dSAFER, an attacker can supply ../ traversal or any absolute path and either execute an arbitrary binary as the IJS server or have the server (running with gs privileges) write to arbitrary files.
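A pre-screen that a print or conversion service could run on untrusted jobs before they reach gs, given here as an added example that is not code from this report or from Ghostscript. The parameter names come from the report; the two spellings matched (a PostScript key followed by a string, and a -sName=value switch), the function names and the sample inputs are assumptions constructed for illustration.

```python
from __future__ import annotations
import re
from pathlib import PurePosixPath

# Parameter names come from the report. The two spellings matched here
# (PostScript key + (string), and a -sName=value switch) are assumptions
# about how an untrusted job can carry them.
PARAM_RE = re.compile(
    rb"/(IjsServer|OutputFile)\s*\(([^)]*)\)"   # PostScript key + string
    rb"|-s(IjsServer|OutputFile)=(\S+)"         # command-line switch
)

def path_risk(value: str) -> str | None:
    """Classify a path value as the report describes the unsafe inputs."""
    p = PurePosixPath(value)
    if ".." in p.parts:
        return "traversal"
    if p.is_absolute():
        return "absolute"
    return None

def screen(job: bytes) -> list[tuple[str, str, str]]:
    """Return (parameter, value, reason) findings for one untrusted job."""
    findings = []
    for m in PARAM_RE.finditer(job):
        if m.group(1):                      # PostScript form matched
            name, raw = m.group(1), m.group(2)
        else:                               # command-line form matched
            name, raw = m.group(3), m.group(4)
        value = raw.decode("latin-1")
        risk = path_risk(value)
        if name == b"IjsServer":
            # Any job-supplied server is a program gs will fork+exec,
            # so it is reported even when the path itself looks harmless.
            findings.append(("IjsServer", value, risk or "job-selected server"))
        elif risk:
            findings.append(("OutputFile", value, risk))
    return findings

# Constructed sample inputs, not taken from any real job.
SAMPLES = {
    "ps_fragment": b"/IjsServer (../../tmp/constructed-placeholder)",
    "switches": b"-sDEVICE=ijs -sIjsServer=constructed-server "
                b"-sOutputFile=/var/spool/constructed.out",
    "benign": b"-sDEVICE=png16m -sOutputFile=page-%d.png",
}

if __name__ == "__main__":
    for label, job in SAMPLES.items():
        print(label, screen(job))
```

Treat any finding as grounds to reject or quarantine the job before gs runs.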
