Fix high-severity security vulnerabilities found in allure-docker-api/app.py

[mikliapko]

The repository was scanned on the subject of security vulnerabilities using Snyk tool.

Here is a list with high severity vulnerabilities:

1. CWE-23: Unsanitized input from an HTTP parameter flows into open, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write arbitrary files.
   

   allure-docker-service/allure-docker-api/app.py

   Line 1170 in aeb786e

   file = open(emailable_report_path, "w")

2. CWE-23: Unsanitized input from an HTTP parameter flows into flask.send_file, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write arbitrary files.
   

   allure-docker-service/allure-docker-api/app.py

   Line 1208 in aeb786e

   report = send_file(emailable_report_path, as_attachment=True)

3. CWE-23: Unsanitized input from an HTTP parameter flows into shutil.rmtree, where it is used as a path. This may result in a Path Traversal vulnerability and allow an attacker to write arbitrary files.
   

   allure-docker-service/allure-docker-api/app.py

   Line 1328 in aeb786e

   shutil.rmtree(project_path)

4. CWE-78: Unsanitized input from an HTTP parameter flows into os.popen, where it is used as a shell command. This may result in a Command Injection vulnerability.
   

   allure-docker-service/allure-docker-api/app.py

   Line 1654 in aeb786e

   tmp = os.popen('ps -Af | grep -w {}'.format(project_id)).read()

Is it possible to fix them?
Thanks!