* fix: improve unsafe path handling
Paths containing spaces or dashes were being interpreted as separate options, since the path handling lacked double quotes.
This fixes all unsafe instances of "PWD" and "HOME", along with all other unsafe paths in the scripts.
* readme: explicitly mount the configuration as read-only
This clearly shows users that the MediaMTX container will not modify the configuration file.
426e6f89a2