Support archives with known extra fields #1723
Open
Description
Currently, if an extension archive contains any extra field, publication is rejected.
Extra fields in general are problematic as they enable parsing differential attacks, especially wrt utf filenames.
A common pattern is actually to have UTC modification times as extra fields, some zip tools do that by default:
The central-directory extra field contains:
- A subfield with ID 0x5455 (universal time) and 5 data bytes.
The local extra field has UTC/GMT modification/access times.
- A subfield with ID 0x7875 (Unix UID/GID (any size)) and 11 data bytes:
01 04 e8 03 00 00 04 e8 03 00 00.
We should have a whitelist of allowed extra fields and let them pass.
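
One way to implement the proposed allowlist check, as an added example that is not code from the issue or the project: it parses the extra field of both the central-directory and local file headers and reports every subfield ID outside the allowlist. The allowlist contents, the function names and the sample archives are assumptions constructed for illustration.

```python
import io
import struct
import zipfile

# Assumed allowlist: only the two IDs quoted in the issue (not a project policy).
ALLOWED_EXTRA_IDS = {0x5455, 0x7875}  # extended timestamp, Unix UID/GID
UT = struct.pack("<HHBI", 0x5455, 5, 0x01, 1700000000)  # constructed: mtime only
UX = struct.pack("<HH", 0x7875, 11) + bytes.fromhex("0104e803000004e8030000")
UP = struct.pack("<HHBI", 0x7075, 10, 1, 0) + b"a.txt"  # constructed: Unicode Path

def parse_extra(data):
    """Split an extra field into (id, payload) subfields; malformed input raises."""
    fields, pos = [], 0
    while pos < len(data):
        if len(data) - pos < 4:
            raise ValueError("truncated subfield header")
        field_id, size = struct.unpack_from("<HH", data, pos)
        if size > len(data) - pos - 4:
            raise ValueError("subfield 0x%04x overruns the extra field" % field_id)
        fields.append((field_id, data[pos + 4:pos + 4 + size]))
        pos += 4 + size
    return fields

def local_extra(raw, offset):
    """Extra field of the local file header at offset (30-byte fixed part)."""
    if raw[offset:offset + 4] != b"PK\x03\x04":
        raise ValueError("bad local file header signature")
    name_len, extra_len = struct.unpack_from("<HH", raw, offset + 26)
    start = offset + 30 + name_len
    return raw[start:start + extra_len]

def disallowed_extra_fields(raw, allowed=ALLOWED_EXTRA_IDS):
    """Sorted (filename, where, id) for each central/local subfield not allowed."""
    found = set()
    with zipfile.ZipFile(io.BytesIO(raw)) as zf:
        for info in zf.infolist():
            for where, blob in (("central", info.extra),
                                ("local", local_extra(raw, info.header_offset))):
                for field_id, _ in parse_extra(blob):
                    if field_id not in allowed:
                        found.add((info.filename, where, field_id))
    return sorted(found)

def build_sample(extra):  # constructed one-entry archive carrying this extra field
    buf, info = io.BytesIO(), zipfile.ZipInfo("extension/package.json")
    info.extra = extra
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(info, b"{}")
    return buf.getvalue()
```

An archive carrying only `UT + UX` passes, while one carrying the Info-ZIP Unicode Path subfield (0x7075), which can supply an alternative filename, is still reported.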