security(import): wire isValidImportFilename guard into processRows

Rejects path-traversal filenames before findFileRecursive runs.
Guard runs on the derived filename (after the ternary) as specified.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

backend/src/main/java/org/raddatz/familienarchiv/importing/MassImportService.java

@@ -291,6 +291,11 @@ public class MassImportService {
             if (index.isBlank()) continue;
 
             String filename = index.contains(".") ? index : index + ".pdf";
+            if (!isValidImportFilename(filename)) {
+                log.warn("Skipping import row {}: filename rejected — {}", i, filename);
+                skippedFiles.add(new SkippedFile(filename, "INVALID_FILENAME_PATH_TRAVERSAL"));
+                continue;
+            }
             Optional<File> fileOnDisk = findFileRecursive(filename);
             if (fileOnDisk.isEmpty()) {
                 log.warn("Datei nicht gefunden, importiere nur Metadaten: {}", filename);