Make hgweb.staticfile() more secure and portable. Without this, files in directories next to the static directory starting with 'static' could be retrieved, e.g. with '../static.private/foo'. Additionally staticfile now generates platform specific pathnames from the /-separated paths given in the URL. Illegal file names (e.g. containing %00) now yield a sane error message.