Forward port of 6d3b5b24fd4f82c1cbfbc4cade5246a0335f8dda to master

The "deleteAll" method on the Common storage class isn't used anywhere.
Also, it isn't defined on the Storage interface so this fix removes it
completely.

The method deleteAll() doesn't officially exist on the Storage class as
it's not defined on the interface, which means it fails on the Quota
storage wrapper and might fail on some external storage classes.
Also, this here is the only use case for that one method.

Jenkins somewhat complains that there are already sent headers.

If an user is able to create folders in /core/l10n/ he is able to execute arbitrary code. Therefore I've added an `issubdirectory` check and removed all potential dangerous characters from `$lang`.

This patch was automatically generated as part of the following inspection:
https://scrutinizer-ci.com/g/owncloud/core/inspections/cdfecc4e-a37e-4233-8025-f0d7252a8720

Enabled analysis tools:
 - PHP Analyzer
 - JSHint
 - PHP Copy/Paste Detector
 - PHP PDepend

- added file name check for the put, rename and setNames() methods which
  throw a "Bad Request" whenever invalid characters are used
- replaced \OC\Filesystem usage with $this->getFS() to be able to write
  unit tests

- added PHP utility function to check for file name validity
- fixes issue where a user can create a file called ".." from the files UI
- added extra checks to make sure newfile.php and newfolder.php also
  check for invalid characters

- When all files are selected, do not send the whole file list
- Download will trigger download for the parent folder, also works
  with root
- Delete will send "allfiles" to the server that will find the file
  list or the passed directory by itself