Mojira Archive
MC-121091

Parent directory path notation can be used in resource pack URI

The bug

The method net.minecraft.client.multiplayer.ClientPacketListener.validateResourcePackUrl(String) (20w07a Mojang name) is supposed to prevent use of the parent directory path notation (..) if the URI scheme is level; see also MC-121090. The problem is that the URI is treated as URL-encoded, but the validation (method validateResourcePackUrl) is performed on the encoded variant. This means you can use the URL-encoded representation of .., %2E%2E, and it will not be caught.

This allows testing for a file called resources.zip anywhere in the file system instead of only in the saves directory and its sub-directories.

This could be solved by decoding the URI in the method validateResourcePackUrl (after creating the URI object). Doing it somewhere else could cause problems since the URI could then contain non-ASCII characters.

Note that there are also other problems with ClientPacketListener.handleResourcePack(ClientboundResourcePackPacket):

  1. validateResourcePackUrl checks the scheme while handleResourcePack expects the prefix level://. This is problematic because for example new URI("level:test").getScheme() returns level and would therefore pass the validate method, but handleResourcePack would not consider it a level resource pack.
  2. Parsing a string as URI and later (when downloading) as URL can be problematic because both classes parse differently (which might be abusable), e.g. url:http://test is equal to http://test. Therefore it would be good to only parse it once as URL and then use that for validation and downloading.
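
The validation gap described above and in item 1, as an added sketch that is not Mojang's code and not part of the original report. The class name, both method names, the saves path and the sample URLs are hypothetical; it assumes Java 10+ for URLDecoder.decode(String, Charset). The containment check against the saves root goes one step beyond the decoding fix suggested in the report.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.net.URLDecoder;
import java.nio.charset.StandardCharsets;
import java.nio.file.Path;
import java.nio.file.Paths;

public class LevelUrlCheck {
    static final String PREFIX = "level://";

    // Models the reported flaw: only the scheme is checked, and ".." is
    // searched for in the still-encoded string.
    static boolean checkEncoded(String url) {
        try {
            return "level".equals(new URI(url).getScheme()) && !url.contains("..");
        } catch (URISyntaxException e) {
            return false;
        }
    }

    // Hardened: require the prefix the consumer expects, decode once, then
    // confirm the normalized path is a resources.zip inside the saves root.
    static boolean checkDecoded(String url, Path savesRoot) {
        try {
            new URI(url); // reject syntactically invalid input, e.g. bad % escapes
            if (!url.startsWith(PREFIX)) return false;
            String rel = URLDecoder.decode(url.substring(PREFIX.length()), StandardCharsets.UTF_8);
            Path root = savesRoot.toAbsolutePath().normalize();
            Path target = root.resolve(rel).normalize();
            Path name = target.getFileName();
            return target.startsWith(root) && name != null
                    && "resources.zip".equals(name.toString());
        } catch (URISyntaxException | IllegalArgumentException e) {
            return false; // InvalidPathException is an IllegalArgumentException
        }
    }

    public static void main(String[] args) {
        Path saves = Paths.get("saves"); // hypothetical saves directory
        String[] samples = {             // constructed inputs
            "level://world/resources.zip",
            "level://world/%2E%2E/%2E%2E/resources.zip",
            "level:test",
        };
        for (String s : samples) {
            System.out.printf("%-45s encoded-check=%-5b decoded-check=%b%n",
                    s, checkEncoded(s), checkDecoded(s, saves));
        }
    }
}
```

The decode step in the check has to match the decoding the consumer applies before opening the file; otherwise the two can again disagree about which path is meant.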

Fixed

Marcono1234

[Mojang] Gegy

2017-10-11, 10:37 PM

2022-04-08, 03:00 PM

2022-04-08, 03:00 PM

3

2

Plausible

Normal

Networking, Resource Packs

client, resource-pack, server, uri, url

Minecraft 1.12.2, 20w07a

22w15a