Attaching files with mailto:?attach=... parameter is considered dangerous

In run_thunderbird(), xdg-email greps for a proprietary attach parameter: https://gitlab.freedesktop.org/xdg/xdg-utils/-/blob/master/scripts/xdg-email.in#L51

This allows arbitrary websites with mailto links to add local files on disk into the Thunderbird's email composition dialog and should be removed: https://twitter.com/i/status/1295357952480751616

After Thunderbird removed this functionality years ago, I think xdg-email somewhat re-introduced it. Original bug report for Thunderbird: https://bugzilla.mozilla.org/show_bug.cgi?id=1613425