The previous tag was not a mistake since it was pushed from a dev
branch. The patch is the same that was then merged to master, but this
release is for "cleaning" that mistake and use a tag pointing to the a
commit in the main tree.

Do not invoke commands through shell.

Closes #82

See merge request !13

Executing shell commands through mechanisms such as os.system() or
subprocess.run(shell=True) with user-controllable input is prone to
arbitrary shell command injection. In this particular case, a malicious
actor controlling any input name, either in PDF or image form, can
force ocrfeeder to execute shell commands embedded in the file name.
While a workaround for #20, mentioning problems opening files with
special characters, was introduced in 5286120c, this was not applied to
every subprocess invocation. Furthermore, it is good practice to make
use of the parameterization of arguments available in the subprocess
package instead of relying on character escaping alone, avoiding shell
invocation completely. This minimizes the attack surface.

Remove the usage of deprecated 'xml.etree.ElementTree.Element.getchildren'

See merge request !10

It's not available anymore since Python 3.9.

Set application avatar in Gitlab.

See merge request !9

The ISO_CODES_PATH was hardcoded, and this means that the path may not
be the correct one in some systems. Therefore, these changes allow to
set an ISO_CODES_DIR as an environment variable or, in case it is not
set, it looks for the "xml/iso-codes" path within the system's data
dirs.

It was simply concatenating the paths, but we will soon be able to
configure the ISO_CODES_PATH, so using os.path.join is safer.