Fix shell injection vulnerability in patch(1) via ed(1) by
tightening sanity check of the input. [1]

While I'm there also replace ed(1) with red(1) because we do
not need the unrestricted functionality. [2]

Obtained from: Bitrig [1], DragonFly [2]
Security: CVE-2015-1418 [1]