CfgPath deserialisation is capricious

CfgPathIneer uses #[serde(untagged)], but the variants have very largely overlapping representations.

In an ad-hoc test case I found that (after adding Serialize), CfgPath::from_path(PathBuf::from("nice path")) (which is PathInner::Literal) round trips through JSON to PathInner:Shell. I think, at least for some config formats, that whether things get shell-expanded might depend on whether the string contains invalid Unicode (invalid UTF-8 on Unix; surrogates on Windows, if the path was specified in UTF-16 somehow).

We must either (a) always expand paths (b) have the input be explicit about whether expansion is wanted. (a) might depend on either (a)(i) rejecting invalid unicode paths in our config or (a)(ii) teaching shellexpand how to handle PathBuf or OsString.