fix: Preserve Unicode filenames in sanitization and persist original names

[usnavy13]

Summary

• Updated sanitize_filename regex from [^a-zA-Z0-9.-] to [\w.\-] (Python 3 \w preserves Unicode letters/digits across all scripts while still blocking path separators, control chars, and shell metacharacters)
• Added original_filename field to FileInfo model and Redis metadata so pre-sanitization filenames are recoverable
• Passed original filename through /upload and /upload/batch endpoints to Redis storage
• Updated GET /files/{session_id} to return the true original filename in metadata.original-filename

Context

Filed danny-avila/LibreChat#12975 for the matching client-side fix. Danny opened LibreChat#12977 which updates LC's sanitizeFilename to preserve Unicode and adds RFC 8187 Content-Disposition headers.

Do not merge until LibreChat#12977 is merged and we can test the full pipeline end-to-end — both sides need to preserve Unicode for filenames to survive the round trip.

What changed

File	Change
src/services/execution/output.py	Regex [^a-zA-Z0-9.-] → [^\w.\-] — preserves CJK, Cyrillic, Arabic, accented Latin, etc.
src/models/files.py	Added original_filename: Optional[str] to FileInfo
src/services/file.py	Persists original_filename in Redis via store_uploaded_file, propagates through get_file_info and link_file_into_session
src/api/files.py	Passes original filename from upload endpoints; returns it from file listing
tests/unit/test_output_processor.py	Updated Unicode assertion, added 10 new tests (CJK, Cyrillic, Korean, Arabic, mixed, dangerous chars)

Backward compatibility

• ASCII-only filenames behave identically (\w on ASCII = [a-zA-Z0-9_], and _ → _ was already a no-op)
• Existing Redis entries without original_filename degrade gracefully via .get() fallback
• Path traversal protection, length limits, and leading-dot handling are all unchanged

Test plan

• pytest tests/unit/test_output_processor.py — 41 passed
• pytest tests/unit/ — 496 passed, 0 failures
• flake8 src/ — 0 errors
• black src/ tests/ --check — clean
• mypy src/ — success, 0 issues
• bandit -r src/ -s B104,B108 --severity-level high — 0 high-severity issues
• End-to-end test with LibreChat after #12977 merges (upload Unicode filename → execute → download → verify name preserved)

🤖 Generated with Claude Code

[usnavy13]

Danny's fix landed in LibreChat (#12977 merged to dev). I've reviewed his final implementation and updated our sanitizer to match his approach:

What changed in this follow-up commit:

• Switched from \w regex to a two-pass approach matching LC's sanitizeFilenameSegment — strict for ASCII [a-zA-Z0-9._-], permissive for non-ASCII (blocks only C1 controls)
• Added NFC normalization before sanitizing (handles decomposed accents like e + U+0301 → é)
• Emoji and ZWJ sequences now preserved (LC allows \p{Emoji} + ‍, our \w didn't)

Compatibility verified: both sides now produce identical output for CJK, Cyrillic, Korean, Arabic, accented Latin, emoji, and all dangerous ASCII chars.

Ready for end-to-end testing once LC's dev is deployed — the sanitization logic is now aligned.