
Investigate potential Local File Inclusion vulnerability #184

@javagl

Description


The issue about local file inclusion at CesiumGS/gltf-pipeline#673 may also be relevant for the 3D Tiles Tools.

This applies to different levels:

  • The 3D Tiles Tools are using gltf-pipeline as a dependency. In some cases, the fix that is about to go into gltf-pipeline might already resolve possible vulnerabilities in the 3D Tiles Tools
  • The 3D Tiles Tools are using glTF-Transform as a dependency. The cases where glTF-Transform might allow such a Local File Inclusion have to be examined (I think that it does not have this vulnerability. In fact, I think that it hardly allows ~"external resources" at all, maybe exactly because of this. But this remains to be verified)
  • The 3D Tiles Tools tried to abstract away some resource handling in the ResourceResolver and its implementation (FileResourceResolver). It simply rejects http(s) URIs, but there may be issues with other URIs (file or /absolute or ../../../youAreNotSupposedToBeHere ones)
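The kind of check the last bullet asks for, as an added example that is not part of this issue or of the 3D Tiles Tools code base: a resolver that refuses every URI with a scheme (not only http(s)), absolute paths, and any path that resolves outside a base directory. The class name `SafeFileResourceResolver`, its result shape and the messages are assumptions.

```typescript
// Added example, not the project's FileResourceResolver: resolves a URI
// against a base directory and rejects anything that could read files
// outside it (schemes such as file:, absolute paths, "../" traversal).
import * as path from "path";

type ResolveResult =
  | { ok: true; filePath: string }
  | { ok: false; reason: string };

class SafeFileResourceResolver {
  private readonly baseDirectory: string;

  constructor(baseDirectory: string) {
    // Canonicalise once so later comparisons use the same form.
    this.baseDirectory = path.resolve(baseDirectory);
  }

  resolve(uri: string): ResolveResult {
    let decoded: string;
    try {
      // Decode first so "%2e%2e/" is checked as "../", not as an odd name.
      decoded = decodeURIComponent(uri);
    } catch {
      return { ok: false, reason: "malformed percent-encoding" };
    }
    // Any scheme is refused: http:, https:, file:, data:, and also "C:" drive letters.
    if (/^[a-zA-Z][a-zA-Z0-9+.-]*:/.test(decoded)) {
      return { ok: false, reason: "URIs with a scheme are not allowed" };
    }
    // Absolute paths (POSIX "/x", UNC "\\server\share") are refused.
    if (path.isAbsolute(decoded) || decoded.startsWith("\\")) {
      return { ok: false, reason: "absolute paths are not allowed" };
    }
    const candidate = path.resolve(this.baseDirectory, decoded);
    // The resolved path must be the base directory or a descendant of it;
    // this catches "../" sequences however they are spelled or nested.
    const relative = path.relative(this.baseDirectory, candidate);
    const escapes =
      relative === ".." ||
      relative.startsWith(".." + path.sep) ||
      path.isAbsolute(relative);
    if (escapes) {
      return { ok: false, reason: "path escapes the base directory" };
    }
    return { ok: true, filePath: candidate };
  }
}
```

Note that an inner "a/../b.glb" is still accepted because it resolves to a file inside the base directory; only the final resolved location is judged.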
