make-secnet-sites: Taint the `group' parameter

This comes from the untrusted caller.  It should be tainted before we
use it as a filename.  (Actually in practice it's checked against the
`location' from the header, so this doesn't actually fix a
vulnerability.)

Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>