pub fn validate_path_within_root( path: &Path, root: &Path, ) -> Result<PathBuf, PathSecurityError>
Validate that a path stays within the allowed root directory This prevents directory traversal attacks