Currently via the safe-api web pages can access the user's filesystem to write data.

* `files_container_create`
* `files_container_sync`
* `files_container_get`
* `files_container_add`
* `files_container_add_from_raw`

As per RFC60 we should:

• Make location optional for files_container_create. Throw error if used. (same for safe-api)
• Make location optional for files_container_sync. Throw error if used.
• detect safe: in files_container_add in browser or throw error if other string