pub fn validate_path(root: &Path, requested: &str) -> Result<PathBuf>
Validate that a path resolves within the allowed root directory. Prevents path traversal attacks (e.g., ../../etc/passwd).
../../etc/passwd