Rework handling of untrusted terminal data.

Now there's a centralised routine in misc.c to do the sanitisation,
which copies data on to an outgoing bufchain. This allows me to remove
from_backend_untrusted() completely from the frontend API, simplifying
code in several places.

Two use cases for untrusted-terminal-data sanitisation were in the
terminal.c prompts handler, and in the collection of SSH-2 userauth
banners. Both of those were writing output to a bufchain anyway, so
it was very convenient to just replace a bufchain_add with
sanitise_term_data and then not have to worry about it again.

There was also a simplistic sanitiser in uxcons.c, which I've now
replaced with a call to the good one - and in wincons.c there was a
FIXME saying I ought to get round to that, which now I have!

unix/uxcons.c

@@ -448,11 +448,16 @@ static void console_close(FILE *outfp, int infd)
 
 static void console_prompt_text(FILE *outfp, const char *data, int len)
 {
-    int i;
+    bufchain sanitised;
+    void *vdata;
 
-    for (i = 0; i < len; i++)
-	if ((data[i] & 0x60) || (data[i] == '\n'))
-	    fputc(data[i], outfp);
+    bufchain_init(&sanitised);
+    sanitise_term_data(&sanitised, data, len);
+    while (bufchain_size(&sanitised) > 0) {
+        bufchain_prefix(&sanitised, &vdata, &len);
+        fwrite(vdata, 1, len, outfp);
+        bufchain_consume(&sanitised, len);
+    }
     fflush(outfp);
 }