Prevent path traversal #334

@andrius-puksta-sensmetry

Description

In cases where we retrieve paths via user input, we must ensure that paths point where they are supposed to. For relative paths:

  • must not be absolute
  • if going outside parent dir does not make sense, it is forbidden, i.e. any path component other than Component::Normal(_) must either be normalized away or forbidden before using the path

Tracker of where paths are retrieved from:

  • CLI surface
  • sysand_core API: should enforce this where appropriate, or document otherwise
  • FFI bindings APIs: must enforce
  • sysand.toml: project sources
  • env.toml: fixed in feat: use new local environment structure #297
  • sysand-lock.toml: sources
  • KPARs:
    • absolute paths
    • symlinks
    • other?
  • .meta.json fields meta and checksum
  • index server interactions currently expose no paths
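
The relative-path rule from the description, sketched as an added example (not code from sysand or from the issue author): `sanitize_relative`, `resolve_under` and `PathError` are hypothetical names, and rejecting a path that normalizes to nothing is an assumption. The check is purely lexical, so it does not cover the symlink item in the tracker.

```rust
use std::path::{Component, Path, PathBuf};

/// Why an untrusted relative path was refused (hypothetical error type).
#[derive(Debug, PartialEq)]
enum PathError {
    Empty,
    Absolute,
    ParentDir,
}

/// Hypothetical helper: reduce an untrusted relative path to
/// `Component::Normal` parts only, or refuse it.
fn sanitize_relative(input: &str) -> Result<PathBuf, PathError> {
    let mut clean = PathBuf::new();
    for component in Path::new(input).components() {
        match component {
            Component::Normal(part) => clean.push(part),
            // `.` carries no information, so it is normalized away.
            Component::CurDir => {}
            // `..` could climb out of the base directory: forbidden.
            Component::ParentDir => return Err(PathError::ParentDir),
            // A root (`/`) or a Windows drive/UNC prefix means the path
            // is not a plain relative path.
            Component::RootDir | Component::Prefix(_) => return Err(PathError::Absolute),
        }
    }
    // Assumption: "" and "." name nothing useful and are rejected.
    if clean.as_os_str().is_empty() {
        return Err(PathError::Empty);
    }
    Ok(clean)
}

/// Join a sanitized path onto the directory it must stay inside.
/// Lexical only: symlinks under `base` need a separate check.
fn resolve_under(base: &Path, input: &str) -> Result<PathBuf, PathError> {
    Ok(base.join(sanitize_relative(input)?))
}

fn main() {
    // Constructed sample inputs, not taken from the project.
    let samples = ["src/model.sysml", "./a/./b", "../secret", "/etc/passwd", "a/../../b", "."];
    for input in samples {
        println!("{:?} -> {:?}", input, resolve_under(Path::new("/project"), input));
    }
}
```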
