In response to CVE-141 and SERVER-95347, implement systematic protection against null byte injection in query code. Make this assertion in getValidFieldName() checked more universally, rather than checked in just a certain case.

This would be similar to SERVER-95279 but applied to query code. Other examples of this pattern in query code are:

• the use of FieldPath instead of std::string, or
• OrderedPathSet (SERVER-67416) providing systematic protection against issues like SERVER-66418 that arose from use of std::set<std::string>.