
*SECURITY* fixes after pentest

Pavel Mashliakovskiy requested to merge fix/securityAfterPentest into master
  • fixed possible SQL injection in UBQL logicalPredicates (Repository.logic)
  • CSV export now adds ' (single quote) to the beginning of any string that looks like an Excel formula during CSV export, to prevent CSV Injection/Formula Injection attacks. Can be disabled by set
  • UB/UBLDAP authorization can now accept password and clientNonce as a JSON body in the 2nd-stage POST request instead of as parameters in the URI
