
server: forbid PUT method on a read-only shared folder

snip requested to merge snip/phodav:fix/put-readonly into master

Hello!

The current implementation of the PUT method in libphodav doesn't check whether the read-only flag of the shared folder is indeed set to false. This allows one to create and copy files inside the shared folder, even if it is set to read-only.

Steps to reproduce this bug:

  1. Open guest VM (Linux or Windows) in remote-viewer
  2. Share a folder in read-only mode and mount it in the guest
  3. In the guest, open a new text file in a text editor
  4. Save the file as whatever.txt inside the shared folder

Observed behavior:

  • The file whatever.txt is created in the shared folder, in the host filesystem

Expected behavior:

  • An error should occur when trying to save the file

The proposed patch modifies the phodav_method_put() function so that it checks that the readonly flag is unset before proceeding with the PUT method. Otherwise, it fails with the Forbidden status (just as the other methods, such as MKCOL or COPY, for instance).

This patch also introduces a handler_get_readonly() function in order to access the readonly flag in the handler opaque structure from phodav_method_put(). Finally, it also adds debug messages for the PUT method similar to those used for the other methods (displaying both the PUT request and the returned status), even if those messages are not part of the bug fix per se.

Thanks!

SnipFoo.
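An added example, not code from libphodav or this merge request: a hypothetical C model of the behaviour described above, with the unchecked PUT beside the version that consults the read-only flag, plus a regression check that a PUT against a read-only share is refused with Forbidden and writes nothing. The type `Handler`, the function names and the status constants are assumptions used only as labels.

```c
/* Added example, not libphodav's code: a hypothetical model of the
 * read-only check described in this merge request. The names are
 * placeholders, not libphodav's real signatures. */
#include <stdbool.h>
#include <stdio.h>

#define STATUS_CREATED   201
#define STATUS_FORBIDDEN 403

typedef struct { bool readonly; int files_written; } Handler;

/* Accessor analogous to the one the MR introduces (hypothetical). */
static bool handler_get_readonly(const Handler *h) { return h->readonly; }

/* Behaviour before the fix: PUT never consults the flag, so a file is
 * created even when the share is read-only. */
static int method_put_before(Handler *h, const char *path) {
    h->files_written++;
    printf("PUT %s -> %d\n", path, STATUS_CREATED);
    return STATUS_CREATED;
}

/* Behaviour after the fix: refuse with Forbidden, as MKCOL and COPY do,
 * and log the request and status like the other methods. */
static int method_put_after(Handler *h, const char *path) {
    int status;
    if (handler_get_readonly(h)) {
        status = STATUS_FORBIDDEN;
    } else {
        h->files_written++;
        status = STATUS_CREATED;
    }
    printf("PUT %s -> %d\n", path, status);
    return status;
}

/* Regression check: on a read-only share, PUT must return Forbidden and
 * must not create a file. */
static bool readonly_put_is_refused(int (*put)(Handler *, const char *)) {
    Handler h = { .readonly = true, .files_written = 0 };
    int status = put(&h, "/whatever.txt");
    return status == STATUS_FORBIDDEN && h.files_written == 0;
}

int main(void) {
    printf("before fix: %s\n", readonly_put_is_refused(method_put_before) ? "ok" : "FAIL");
    printf("after fix:  %s\n", readonly_put_is_refused(method_put_after) ? "ok" : "FAIL");
    return 0;
}
```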
