Entries in sudoers files that include * do not behave like shell globs

Bug #1853895 reported by ed
Affects        Status  Importance  Assigned to  Milestone
sudo (Ubuntu)  New     Undecided   Unassigned

Bug Description

When mistakenly used in the argument list, it can expand to protected content, such as /etc/shadow. Most users do not expect this.

The following example will permit 'username' to read /etc/shadow, as the * character matches any characters, including spaces.

  username ALL=(ALL) /bin/cat /var/log/messages*

The patch adds the following style of argument matching, which can restrict the sudoers arguments with a regex while still allowing the common logrotate suffixes.

  username ALL = (ALL) /bin/cat m{/var/log/messages(\.[0-9]+|-[0-9]+)?$}

This improves the security stance of sudoers entries through tight regex matches, which most administrators are familiar with.

Changes are in <https://github.com/edneville/sudo>, viewable as <https://github.com/sudo-project/sudo/compare/master...edneville:master>
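The difference between the two rule styles can be checked without touching a real sudoers file. The script below is an added example written for this page; it is not the reporter's patch and not sudo's own matching code. It assumes a simplified model of how sudoers compares arguments: the user's arguments are joined with single spaces and the whole string is matched against the rule's argument pattern, using shell-style glob matching without FNM_PATHNAME for the conventional form (so * crosses both '/' and ' '), and, as an assumption about the proposed m{...} form, an anchored regular expression match over the same string. The command lines it tests are constructed for the demonstration.

```python
import fnmatch
import re

# Constructed sudoers-style rules, split into command and argument pattern.
# The wildcard form is the one the report warns about; the m{...} form is
# the syntax proposed by the patch.
WILDCARD_RULE = ("/bin/cat", "/var/log/messages*")
REGEX_RULE = ("/bin/cat", r"m{/var/log/messages(\.[0-9]+|-[0-9]+)?$}")


def args_match(rule_args, argv_tail):
    """Simplified model of sudoers argument matching (an assumption, not sudo's code).

    The user's arguments are joined with single spaces and the whole string is
    compared against the rule's argument pattern.  With a glob, '*' matches any
    run of characters, spaces included, so one '*' can swallow a second path.
    """
    joined = " ".join(argv_tail)
    if rule_args.startswith("m{") and rule_args.endswith("}"):
        pattern = rule_args[2:-1]
        # Assumption: the proposed m{...} form is matched against the entire
        # argument string (anchored at both ends), not searched within it.
        return re.fullmatch(pattern, joined) is not None
    # fnmatchcase: case-sensitive glob without FNM_PATHNAME, so '*' also
    # matches '/' and ' '.
    return fnmatch.fnmatchcase(joined, rule_args)


def rule_permits(rule, argv):
    """True if the rule allows exactly this command line (argv[0] is the binary)."""
    cmd, rule_args = rule
    return argv[0] == cmd and args_match(rule_args, argv[1:])


def compare(argv):
    """Return (wildcard_permits, regex_permits) for one constructed command line."""
    return rule_permits(WILDCARD_RULE, argv), rule_permits(REGEX_RULE, argv)


# Constructed command lines a user might run through sudo.
SAMPLES = [
    ["/bin/cat", "/var/log/messages"],                 # plain log: both allow
    ["/bin/cat", "/var/log/messages.1"],               # rotated: both allow
    ["/bin/cat", "/var/log/messages-20191125"],        # dated rotation: both allow
    ["/bin/cat", "/var/log/messages", "/etc/shadow"],  # extra path: only '*' allows
    ["/bin/cat", "/var/log/messages.evil"],            # odd suffix: only '*' allows
    ["/bin/cat", "/etc/shadow"],                       # unrelated path: neither allows
]

if __name__ == "__main__":
    print(f"{'command line':50} {'wildcard':>8} {'regex':>6}")
    for argv in SAMPLES:
        wild, rx = compare(argv)
        print(f"{' '.join(argv):50} {str(wild):>8} {str(rx):>6}")
```

The fourth sample is the case from the report: the wildcard rule accepts "/var/log/messages /etc/shadow" because * consumes " /etc/shadow", while the regex rule rejects it because nothing after the optional suffix is allowed before the end of the string. Note that the m{...} pattern in the report carries a trailing $ but no leading ^; the model above anchors both ends, so whether the real patch also anchors the start is something a reviewer of the change should confirm.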
