Fix editor timestamp URLs not working when they contain a space

[peppy]

Closes #29145.

[bdach]

I've learned over a few CTFs to be very careful around the placement of these operations, and I initially wasn't sure whether that one was correct (I believe the conventional wisdom is that you want to decode these as soon as you come in contact with one, i.e. I'd imagine the correct place to be somewhere around OsuSchemeLinkIPCChannel, and only after proper URL fragment parsing). That said, upon looking through these, I'm not sure anything malicious can be done even if URL decoding is done late as you have it:

• osu://chan/{0} accepts a channel name as a string - don't see any room for abuse (only a specific range of values is acceptable) and decoding is correct here
• osu://chan/edit/{0} accepts a timestamp as a string - don't see any room for abuse (pretty strict parsing rules are used) and decoding is correct here
• osu://b/{0} - this one is the most dicey I guess, because it uses the same format of URL as https://osu.ppy.sh/b/, in particular it supports query params. So someone could technically do some shenanigans with %3F which would be decoded and thus interpreted as a query param delimiter rather than URL text, which is technically incorrect, but not harmful I suppose?
• osu://s/{0} - requires an integer, so no room for abuse
• osu://spectate/{0} - not supported for now I guess
• osu://u/{0} - accepts a username as a string, don't see any room for abuse and decoding is correct here

So not sure. Probably fine, but I wouldn't call it 100% correct.

[peppy]

Your conclusions sound about right. Is there anything I need to do to get this in a mergeable state though?

[bdach]

If you've read the above and shrugged then probably not, let's get it in and see if anyone complains about the one weird case.