The `sessionId`, an optional parameter when starting a new session when
running a workflow is an arbitrary string. This allows consumers to
support whatever ids are needed by other systems, but can result in
errors when an OS special or forbidden character is included.
The fix is to escape the paths, in a 1:1 manner. We rely on
EncodeDataString to do this.
* Also modifies the index file to make it easier to determine what the
name of the file on disk is for a given `sessionId`.