sanebox: tidy up the quoting in a few more edge-cases

pkgs/additional/sanebox/sanebox

@@ -298,7 +298,7 @@ readlinkOnce() {
   local path=$2
   local linkTarget=
   if [ -v linkCache[$path] ]; then
-    linkTarget=${linkCache["$path"]}
+    linkTarget=${linkCache[$path]}
   elif [ -L "$path" ]; then
     # path is a link, but not in the cache
     linkTarget=$(readlink "$path")
@@ -338,7 +338,7 @@ derefOnce() {
 
   # make absolute
   if [ -n "$target" ]; then
-    if [ "${target:0:1}" != "/" ]; then
+    if [ "${target:0:1}" != / ]; then
       # `walked` is a relative link.
       # then, the link is relative to the parent directory of `walked`
       target=$walked/../$target
@@ -705,7 +705,7 @@ landlockSetup() {
   # typical failure mode:
   # - /tmp: application can't perform its task
   # - /dev/{null,random,urandom,zero}: application warns but works around it
-  paths+=(\
+  paths+=(
     /dev/null
     /dev/random
     /dev/urandom
@@ -887,7 +887,7 @@ removeSubpaths() {
   for path in "${paths[@]}"; do
     local isSubpath=
     for other in "${paths[@]}"; do
-      if [[ "$path" =~ ^$other/.* ]] || [ "$other" = "/" ] && [ "$path" != "/" ]; then
+      if [[ "$path" =~ ^"$other"/ ]] || ( [ "$other" = / ] && [ "$path" != / ] ); then
         # N.B.: $path lacks a trailing slash, so this never matches self.
         # UNLESS $path or $other is exactly `/`, which we special-case.
         isSubpath=1