Normalize paths before passing them to the authorization checker
This bug allowed attackers to bypass deny rules by adding a trailing / to the
repository which depending on the policy could grant them access to said
repository.
FROMrwgrim/hgkeeper:latest
# rwgrim/hgkeeper already creates an hg user so we don't need to create it here.