pub fn path_safe(repo_root: &Path, requested: &str) -> Result<PathBuf, GitError>Expand description
Resolve requested against repo_root and assert the result
stays inside the root. Rejects:
- absolute
requestedpaths, - any
Component::ParentDir(..), - resolved paths that don’t share the root prefix.
Does not require the path to exist on disk — callers handle the
existence check separately so a missing repo becomes a 404
rather than a 400.