This patch introduces the new environment variable `MEDIA_BASE_PATH`
allowing to restrict the media paths that can be added to libraries and
therefore limiting which sections of the filesystem audiobookshelf will
scan and potentially serve to the web.
This means, you can, for example, specify that all media are in
`/audiobooks`, preventing users to access file system paths not starting
with this.
This also prevents things like users specifying `/` as a library path
which seems to be a good way for a denial of service attack right now.
The patch also adds the new environment variable to the example Docker
commands and docker-compose files, matching the media file specified in
those examples.
Assigning something to `process.env.profile`, Node stringifies the value. This
means that assigning `undefined` to an environment variable in Node will result
in it holding the string `undefined`.
This means, for example, that `module.exports.FFPROBE_PATH || 'ffprobe'` in
`server/libs/nodeFfprobe/index.js` will actually result in the string
`undefined`.
This patch fixes several such assignments in the `index.js`, potentially
causing problems in the development mode.