Add ":" as a shell-safe character (#753)

Test Plan:
Running `./test_build_static_site.t --long -v` no longer detects the
feedback URL as unsafe. (Prior to this commit, it emitted a message to
this effect.) The build is still broken on Linux for other reasons, but
works on macOS or any other system where `sh` resolves to Bash.

As a regression test, the “potentially unsafe argument” warning has been
made to actually fail the test case. To verify this, remove `:` from the
list of `unusual_chars`, run the test, and note that it fails outright.

wchargin-branch: shell-safe-colon

sharness/test_build_static_site.t

@@ -134,16 +134,21 @@ run_build() {
     output_dir="build_output/output_${prereq_name}"
     api_dir="${output_dir}/api/v1/data"
     data_dir="${api_dir}/data"
+    unsafe_arg=
     for arg in "${output_dir}" "$@"; do
-        unusual_chars="$(printf '%s' "$arg" | sed -e 's#[A-Za-z0-9/_.-]##g')"
+        unusual_chars="$(printf '%s' "$arg" | sed -e 's#[A-Za-z0-9:/_.-]##g')"
         if [ -n "${unusual_chars}" ]; then
-            printf 'fatal: potentially unsafe argument: %s\n' "${arg}"
+            unsafe_arg="${arg}"
-            return
+            break
         fi
     done
-    flags="--target $output_dir $*"  # checked for sanity above
+    flags="--target $output_dir $*"  # only used if ! [ -n "${unsafe_arg}" ]
     test_expect_success EXPENSIVE,HAVE_GITHUB_TOKEN \
         "${prereq_name}: ${description}" '
+        if [ -n "${unsafe_arg}" ]; then
+            printf >&2 "fatal: potentially unsafe argument: %s\n" "${arg}" &&
+            false
+        fi &&
         run '"${flags}"' 2>err &&
         test_must_fail grep -vF \
             -e "Removing build directory: " \