    rsvg_defs_lookup(): Do not allow looking up extern references · 3559b3e6
    Federico Mena Quintero authored
    This function gets called directly from the public API, and a calling
    application should not be allowed to look up an element with a name
    like "some-random-file#element_id", that is, the app should not be
    able to cause files to be read if they are not within the set of
    resources that the SVG actually references.
    
    The test is robust (only fragment IDs without a URL are allowed), but
    will inadvertently print a g_warning if someone runs rsvg-convert like
    
        rsvg-convert -i 'foo#bar' -o x.png x.svg
    
    We may be able to get rid of that g_warning once the public API is
    implemented in Rust, so it can have access to the URL parsing machinery.
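The rule described in the commit message, sketched as an added example; this is not librsvg's code. The names `fragment_only_id`, `lookup_local` and the element table are hypothetical, and rejecting a bare id without a leading `#` is an assumption of this sketch.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the elements defined inside the loaded SVG. */
struct element { const char *id; const char *tag; };

static const struct element document_elements[] = {
    { "layer1", "g" },
    { "logo",   "path" },
};

/* Return the id after '#' only when the reference has no URL part.
 * Anything before the '#' (e.g. "some-random-file#id") is refused,
 * so a caller can never name a resource outside the document. */
const char *fragment_only_id(const char *ref)
{
    if (ref == NULL || ref[0] != '#')
        return NULL;                      /* URL part present, or no fragment */
    const char *id = ref + 1;
    if (id[0] == '\0' || strchr(id, '#') != NULL)
        return NULL;                      /* empty or malformed fragment */
    return id;
}

/* Look up an element using only the document's own table; no file I/O. */
const struct element *lookup_local(const char *ref)
{
    const char *id = fragment_only_id(ref);
    if (id == NULL)
        return NULL;
    size_t n = sizeof document_elements / sizeof document_elements[0];
    for (size_t i = 0; i < n; i++)
        if (strcmp(document_elements[i].id, id) == 0)
            return &document_elements[i];
    return NULL;
}

int main(void)
{
    /* Constructed inputs, including the 'foo#bar' form from the message. */
    const char *refs[] = { "#layer1", "foo#bar", "some-random-file#logo", "#" };
    for (size_t i = 0; i < sizeof refs / sizeof refs[0]; i++)
        printf("%-24s -> %s\n", refs[i],
               lookup_local(refs[i]) ? "found" : "rejected");
    return 0;
}
```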