Quote variables that may contain spaces in call to macs2 #225
sandain wants to merge 1 commit into aertslab:main from
@sandain Thanks for the patch. The old code you patched would need to be rewritten, to construct a python list with all arguments, and have Some similar approach to the one used here: With the code above, if you would have a filename with the following name, it would try to delete
If there is new code coming down the pipeline that fixes this issue in a more secure way, then great. However, as it is, the code in the main branch of this repo is already susceptible to this malicious filename issue -- it quietly deletes the file with no error messages produced. With my patch in this PR, valid filenames work as expected and the same malicious filename only causes macs2 to throw an error (it prints its usage statement because it can't find the file), causing a python RuntimeError to be thrown. Perhaps all of the strings should be quoted if you are worried about malicious input from the user, but if someone is feeding unsanitized input from a web form into pycisTopic that would be their own fault. imho.
No description provided.
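The trade-off debated in this thread (quoting inside a shell command string versus passing an argument list), as an added example that is not code from this PR or from pycisTopic. It runs a stand-in program in place of macs2 and checks, for three constructed filenames, whether the program receives the filename as exactly one argument and nothing else executes. The stand-in, the filenames, the helper names and the `double_quoted` form (one way of hand-quoting, not necessarily the PR's) are assumptions, and a POSIX `/bin/sh` is assumed.

```python
import json
import shlex
import subprocess
import sys

# Stand-in for the macs2 executable (assumption): prints the argv it received as JSON.
STAND_IN = [sys.executable, "-c", "import json, sys; print(json.dumps(sys.argv[1:]))"]
PREFIX = " ".join(shlex.quote(part) for part in STAND_IN)

# Constructed filenames; the marker command is a harmless echo.
FILENAMES = [
    "sample 1 fragments.tsv.gz",   # plain space
    "x.tsv; echo INJECTED",        # command separator
    "x$(echo INJECTED).tsv",       # substitution, still active inside double quotes
]

# Four ways to build the call; the first three go through /bin/sh.
STRATEGIES = {
    "unquoted":      lambda f: (f"{PREFIX} -t {f}", True),
    "double_quoted": lambda f: (f'{PREFIX} -t "{f}"', True),
    "shlex_quoted":  lambda f: (f"{PREFIX} -t {shlex.quote(f)}", True),
    "argv_list":     lambda f: (STAND_IN + ["-t", f], False),
}


def observe(cmd, shell):
    """Return (argv seen by the stand-in, any extra output lines from other commands)."""
    out = subprocess.run(cmd, shell=shell, capture_output=True, text=True, check=True)
    first, *extra = out.stdout.splitlines()
    return json.loads(first), extra


def filename_preserved(strategy, filename):
    """True only if the program got exactly ['-t', filename] and nothing else ran."""
    cmd, shell = STRATEGIES[strategy](filename)
    args, extra = observe(cmd, shell)
    return args == ["-t", filename] and not extra


def report():
    return {s: [filename_preserved(s, f) for f in FILENAMES] for s in STRATEGIES}


if __name__ == "__main__":
    for strategy, results in report().items():
        print(f"{strategy:14}", results)
```

Only `shlex.quote` and the argument list keep every filename intact; the argument list also avoids starting a shell at all.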