Comment 89 for bug 2059809

Dan Smith (danms) wrote : Re: Arbitrary file access through QCOW2 external data file

Updated glance patch to call the generic image safety method on the inspector. Note that glance was also unsafely using qemu-img to probe the file type *and* allowing that to be different from what the user claimed they uploaded without error. So this patch tightens up a lot of that stuff, where we take their claimed disk_format as the source format, require it match what the image claims, and require that we be able to inspect the source image in order to proceed. Glance *also* would allow attempting to convert from a type that qemu-img was unable to read (such as iso, ploop, etc.). So this enforces that we only allow conversion from image types that qemu-img supports and that we have an inspector implementation for (the intersection of which doesn't actually change the set of formats we can legitimately convert). It avoids a situation where a user might upload something claiming to be "aki" (which qemu-img can't read) but is actually a malicious vmdk file (for example).
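
Added example, not part of the comment above and not Glance's code: a sketch of the gate the comment describes, where the claimed disk_format must be in the set of formats that are both converter-readable and inspectable, and the inspected content must match the claim. The function names, the format sets and the sample headers are constructed for illustration, and the inspectors here only match leading magic bytes; the inspector's safety check is out of scope.

```python
# Added illustration only; names and format sets are constructed, not Glance's.
class ConversionRefused(Exception):
    """Raised when an upload must not be handed to the converter."""

# Stand-in inspectors: match leading magic bytes only. Real inspectors parse
# the header fully and also run safety checks, which this sketch omits.
INSPECTORS = {
    "qcow2": lambda head: head[:4] == b"QFI\xfb",
    "vmdk": lambda head: head[:4] == b"KDMV",
}
# Formats the converter is assumed to read in this example.
CONVERTER_READABLE = {"qcow2", "vmdk", "vdi"}
# Conversion is allowed only from formats that are both readable and inspectable.
ALLOWED_SOURCES = CONVERTER_READABLE & set(INSPECTORS)

# Constructed sample headers (magic plus a few filler bytes).
QCOW2_HEAD = b"QFI\xfb\x00\x00\x00\x03"
VMDK_HEAD = b"KDMV\x01\x00\x00\x00"


def detect_format(head: bytes):
    """Return the name of the first inspector that recognises the bytes."""
    for name, matches in INSPECTORS.items():
        if matches(head):
            return name
    return None


def check_convertible(claimed_format: str, head: bytes) -> str:
    """Return the verified source format, or raise ConversionRefused."""
    if claimed_format not in ALLOWED_SOURCES:
        raise ConversionRefused(f"no conversion from {claimed_format!r}")
    detected = detect_format(head)
    if detected is None:
        raise ConversionRefused("content could not be inspected")
    if detected != claimed_format:
        raise ConversionRefused(
            f"claimed {claimed_format!r} but content is {detected!r}")
    return detected  # pass this, never a probed guess, as the source format


if __name__ == "__main__":
    for claim, head in [("qcow2", QCOW2_HEAD), ("aki", VMDK_HEAD),
                        ("qcow2", VMDK_HEAD), ("vdi", b"\x00" * 8)]:
        try:
            print(claim, "->", check_convertible(claim, head))
        except ConversionRefused as exc:
            print(claim, "-> refused:", exc)
```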