posix: block brace expansion of unquoted expansions (re: a14d17c0)

Historically, ksh (including ksh88 and mksh) allow brace expansion
not just on literal patterns but also on patterns resulting from
unquoted variable expansions or command substitutions:

  $ a='{a,b}' ksh -c 'echo X{a,b} Y$a'
  Xa Xb Ya Yb

Most people expect only the first (literal) pattern to be expanded,
as in bash and zsh:

  $ a='{a,b}' bash -c 'echo X{a,b} Y$a'
  Xa Xb Y{a,b}

The historic ksh behaviour is poorly documented and nearly unknown,
violates the principle of least astonishment, and makes unquoted
variable expansions even more unsafe. See discussion at:
https://www.austingroupbugs.net/view.php?id=1193
https://github.com/ksh93/ksh/issues/140

Unfortunately, we cannot change it in default ksh without breaking
backward compatibility. But we can at least fix it for the POSIX
mode (which disables brace expansion by default but allows turning
it back on), particularly as it looks like POSIX, if it decides to
specify brace expansion in a future version of the standard, will
disallow brace expansion on unquoted variable expansions.

src/cmd/ksh93/sh/macro.c: endfield():
- When deciding whether to do brace expansion + globbing or only
  globbing, also check that we do not have POSIX mode and an
  unquoted variable expansion (mp->pattern==1).

src/cmd/ksh93/include/version.h

@@ -21,7 +21,7 @@
 
 #define SH_RELEASE_FORK	"93u+m"		/* only change if you develop a new ksh93 fork */
 #define SH_RELEASE_SVER	"1.0.0-beta.2"	/* semantic version number: https://semver.org */
-#define SH_RELEASE_DATE	"2022-06-07"	/* must be in this format for $((.sh.version)) */
+#define SH_RELEASE_DATE	"2022-06-08"	/* must be in this format for $((.sh.version)) */
 #define SH_RELEASE_CPYR	"(c) 2020-2022 Contributors to ksh " SH_RELEASE_FORK
 
 /* Scripts sometimes field-split ${.sh.version}, so don't change amount of whitespace. */