licensecheck: Separate filename from args in file call

This prevents the situation where $file happens to be a valid switch
for the file command (e.g. -C) which causes side-effects.  If properly
setup, it's possible to cause file to traverse a symlink and overwrite a
file.

Closes: #794365, CVE-2015-5705
Signed-off-by: James McCoy <jamessan@debian.org>