Treat play_file() and co as internal routines without protection (#4059)

* Treat play_file() and co as internal routines without protection

Our code and add-ons need a way to play audio from arbitrary locations. I propose we treat the _tag API as suitable for user input, and the _file API for internal use.

* Mention basename in the *_file() paths

(cherry picked from commit 50b7588231)

qt/aqt/sound.py

@@ -175,14 +175,26 @@ class AVPlayer:
             self._stop_if_playing()
 
     def play_file(self, filename: str) -> None:
-        self.play_tags([SoundOrVideoTag(filename=os.path.basename(filename))])
+        """Play the provided path.
+
+        SECURITY: Filename may be an arbitrary path. For filenames coming from a collection,
+        you should only ever use the os.path.basename(filename) as the filename."""
+        self.play_tags([SoundOrVideoTag(filename=filename)])
 
     def play_file_with_caller(self, filename: str, caller: Any) -> None:
+        """Play the provided path, noting down the caller.
+
+        SECURITY: Filename may be an arbitrary path. For filenames coming from a collection,
+        you should only ever use the os.path.basename(filename) as the filename."""
         self.current_caller = caller
         self.play_file(filename)
 
     def insert_file(self, filename: str) -> None:
-        self._enqueued.insert(0, SoundOrVideoTag(filename=os.path.basename(filename)))
+        """Place the provided path at the top of the playlist.
+
+        SECURITY: Filename may be an arbitrary path. For filenames coming from a collection,
+        you should only ever use the os.path.basename(filename) as the filename."""
+        self._enqueued.insert(0, SoundOrVideoTag(filename=filename))
         self._play_next_if_idle()
 
     def toggle_pause(self) -> None: