Make also sure the tmpfile from the widget exists beforehand, when validating: we don't want users to "explore" our tmpdir with bogus values that just look sane
Revert to previous template::widget::file behavior of accepting input in a form of a list of 3 elements (e.g. without a .tmpfile in the request), but introduce validation so that we enforce all widget values to be in the proper format and the files to be "safe"