
Prevent Zip Slip by validating unzip targets #95

Closed
joshyorko wants to merge 1 commit into main from jyorko-agent/fix-hololib-import-zip-slip-vulnerability


Conversation

@joshyorko
Owner

Motivation

  • A Zip Slip vulnerability was reachable when importing an embedded hololib.zip from untrusted bundles because Unzip constructed extraction paths with filepath.Join and wrote them without containment checks.
  • The fix targets the shared unzip/operations path so callers like importHololib cannot cause arbitrary file writes outside the intended destination.

Description

  • Added safeExtractTarget(directory, entry) in operations/zipper.go to canonicalize and validate that a cleaned extraction target stays inside the destination directory.
  • Updated unzipper.Extract to call safeExtractTarget for each entry and reject entries that escape the destination.
  • Added regression tests in operations/zipper_test.go covering a malicious traversal entry (TestUnzipRejectsPathTraversal) and a normal extraction (TestUnzipExtractsRegularFile).

Testing

  • Ran gofmt -w operations/zipper.go operations/zipper_test.go successfully to format the changes.
  • Attempted GOARCH=amd64 CGO_ENABLED=0 go test ./operations, which failed in this environment due to missing generated embedded assets (blobs/embedded.go: pattern assets/*.py: no matching files found) and prevented running the package tests here.
  • The new tests are present and intended to guard against regressions when the repository test environment (generated assets) is available; they should pass in a normal developer/toolkit run.
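The containment check the description outlines, as an added illustration that is not the PR's own code: a hypothetical safeExtractTarget that cleans the joined path and rejects any entry whose cleaned target falls outside the destination, exercised against a constructed set of entry names (including a sibling-directory prefix collision that a naive string-prefix test would miss).

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrZipSlip is returned for archive entries whose cleaned path escapes the destination.
var ErrZipSlip = errors.New("zip entry escapes destination directory")

// safeExtractTarget is a hypothetical containment check, not the code in operations/zipper.go.
// It joins the entry name onto the destination, which also cleans "../" segments, and then
// verifies that the cleaned result is the destination itself or lies strictly beneath it.
func safeExtractTarget(directory, entry string) (string, error) {
	// Resolve the destination to an absolute, cleaned path so that ".." inside
	// `directory` itself cannot distort the comparison below.
	base, err := filepath.Abs(filepath.Clean(directory))
	if err != nil {
		return "", err
	}
	// filepath.Join cleans the combined path, so "../../etc/passwd" collapses
	// to a path above base and an absolute entry like "/etc/passwd" lands under base.
	target := filepath.Join(base, entry)
	// Compare with a trailing separator: without it, "/tmp/out" would wrongly
	// accept "/tmp/outside/file" as being inside "/tmp/out".
	if target != base && !strings.HasPrefix(target, base+string(filepath.Separator)) {
		return "", fmt.Errorf("%w: %q", ErrZipSlip, entry)
	}
	return target, nil
}

func main() {
	// Constructed entry names; the destination is a placeholder directory name.
	entries := []string{"bin/app", "sub/../ok", "../../etc/passwd", "sub/../../escape", "/etc/passwd"}
	for _, e := range entries {
		target, err := safeExtractTarget("/tmp/hololib-out", e)
		if err != nil {
			fmt.Printf("REJECT %-20s %v\n", e, err)
			continue
		}
		fmt.Printf("accept %-20s -> %s\n", e, target)
	}
}
```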

Codex Task

@chatgpt-codex-connector

You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard.
To continue using code reviews, you can upgrade your account or add credits to your account and enable them for code reviews in your settings.

@joshyorko
Owner Author

Superseded by #97, which stacks this hardening change into the grouped release PR.

@joshyorko joshyorko closed this May 23, 2026

1 participant