[!!!][SECURITY] Deny direct FAL commands for form definitions

Before this change, form definitions have been persisted in regular
`.yaml` files. In order to make the meaning and purpose of those
files more explicit, the new file ending `.form.yaml` is introduced.

Invocations of the file abstraction layer API for those form files
have to be allowed explicitly by granting commands individually using
`FilePersistenceSlot::allowInvocation`.

New form definitions are created with the new file ending per default.
An upgrade wizard renames existing form definitions that are stored in
according storage folders (`allowedFileMounts`). In addition references
in FlexForm of content elements are adjusted to the new file names as
well - in case a form definition has been referenced before.

The file list user interface disabled according direct actions for
`.form.yaml` files or redirects those to the according form module.

Using just `.yaml` instead of `.form.yaml` from site packages
is deprecated. Using just `.yaml` instead of `.form.yaml` from
file storages is not allowed anymore.

Resolves: #84910
Releases: master, 8.7
Security-Commit: 444f9dc4f1902871391bd1f139d19b46a63a162f
Security-Bulletin: TYPO3-CORE-SA-2018-003
Change-Id: I456c03f745e614729cdbf2915efc6b5e6d11fc0f
Reviewed-on: https://review.typo3.org/57561


Reviewed-by: Oliver Hader <oliver.hader@typo3.org>
Tested-by: Oliver Hader <oliver.hader@typo3.org>