Commit 5377fe60 authored by Benjamin Flesch, committed by Fushan Wen

plasmacalendarintegration: Fix directory traversal vulnerability in events plugins

digital-calendar plasma applet is vulnerable to a directory traversal attack which allows an arbitrary .so library file to be loaded as a plasma calendar plugin.

This vulnerability can be triggered via theme files that provide a config for the digital-clock applet which includes `enabledCalendarPlugins` that uses directory traversal to load arbitrary .so from the filesystem.

This requires write access to user's home or the installation of third party global themes so is not directly exploitable by anything which did not have access already, however it should be fixed regardless.


(cherry picked from commit 6cdf4291)
parent df51bec8
Pipeline #597886 passed with stage
in 12 minutes and 57 seconds
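
The commit message above describes `enabledCalendarPlugins` entries being used to build a library path. The following is an added example of one way to validate such entries before loading, not the code from this commit; the helper names, the `.so` suffix handling, the plugin directory and the sample identifiers are all assumptions made for illustration.

```cpp
// Added example: hypothetical helpers, not the code from the Plasma commit.
#include <filesystem>
#include <iostream>
#include <optional>
#include <string>

namespace fs = std::filesystem;

// A plugin identifier must be a bare name: non-empty, no path separators,
// no NUL byte, and not a dot-segment.
bool isBarePluginId(const std::string &id)
{
    if (id.empty() || id == "." || id == "..") {
        return false;
    }
    return id.find_first_of("/\\") == std::string::npos
        && id.find('\0') == std::string::npos;
}

// Map one entry of enabledCalendarPlugins to a library path inside pluginDir.
// Returns std::nullopt when the entry could name a file outside that directory.
std::optional<fs::path> resolvePlugin(const fs::path &pluginDir, const std::string &id)
{
    if (!isBarePluginId(id)) {
        return std::nullopt;
    }
    fs::path base = fs::weakly_canonical(pluginDir);
    if (!base.has_filename()) { // drop a trailing slash so parent_path() compares equal
        base = base.parent_path();
    }
    // Defence in depth: resolve symlinks and require the result to sit directly in pluginDir.
    const fs::path candidate = fs::weakly_canonical(base / (id + ".so"));
    if (candidate.parent_path() != base) {
        return std::nullopt;
    }
    return candidate;
}

int main()
{
    // Constructed plugin directory and config values, for illustration only.
    const fs::path dir = fs::temp_directory_path() / "constructed-calendar-plugins";
    for (const std::string id : {"exampleevents", "../../outside/libexample", "/opt/libexample"}) {
        std::cout << id << " -> " << (resolvePlugin(dir, id) ? "load" : "reject") << '\n';
    }
}
```

The symlink check is a policy choice: it also rejects a legitimate plugin that is installed as a symlink pointing outside the plugin directory.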