prevent potential option injections in job input files
A malicious user may submit an input file starting with '-'. A loosely-implemented webapp entrypoint could misinterpret it as a command-line option and let the user inject arbitrary options to the commands executed inside the job.
To prevent this, the leading '-' in input filenames is silently changed into '_'.
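
The failure mode and the fix described in this commit message, as an added example that is not part of the commit or the project's code. The tool name `job-tool`, its `--output` flag, and all function names are hypothetical; replacing every dash in the leading run (rather than only the first) is an assumption.

```python
import argparse
import re


def sanitize_input_filename(name: str) -> str:
    """Replace leading '-' characters with '_' so the name cannot parse as an option."""
    # Assumption: every dash in the leading run is replaced, not only the first one.
    return re.sub(r"^-+", lambda m: "_" * len(m.group()), name)


def build_job_parser() -> argparse.ArgumentParser:
    """Hypothetical command run inside the job: one option plus input files."""
    parser = argparse.ArgumentParser(prog="job-tool")
    parser.add_argument("--output", default="result.dat")
    parser.add_argument("inputs", nargs="*")
    return parser


def parse_job_args(filenames, sanitize: bool) -> argparse.Namespace:
    """Build argv from user-supplied filenames the way a loose entrypoint would."""
    if sanitize:
        filenames = [sanitize_input_filename(f) for f in filenames]
    # The filenames are placed directly on the command line, with no "--"
    # separator, so anything starting with '-' is treated as an option.
    return build_job_parser().parse_args(list(filenames))


# Constructed sample input: the second "filename" is shaped like an option.
UPLOADS = ["reads.fastq", "--output=elsewhere.dat"]

if __name__ == "__main__":
    raw = parse_job_args(UPLOADS, sanitize=False)
    print("unsanitized:", raw.output, raw.inputs)

    safe = parse_job_args(UPLOADS, sanitize=True)
    print("sanitized:  ", safe.output, safe.inputs)
```
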