pub fn validate_path_within( base: &Path, target: &Path, context: &str, ) -> Result<PathBuf>
Validate that a file path stays within a given base directory (no path traversal). Returns the canonicalized path on success.