read and write exports to/from exports folder only

[rymsha]

In unfortune situations XP can override some critical files if exports write is not restricted to "exports" folder.

Reading from "any" could be used maliciously.

[rymsha]

~This may end up being too strict without https://github.com/enonic/xp/issues/7654~

[rymsha]

in JS API it is only possible to specify export name (in exports folder) Java API still supports full path - for backwards compatibility