Relative path enables malicious content to be imported or /dev/null

[prb112]

Describe the bug
Relative path enables malicious content to be imported or /dev/null with FileProvider

To Reproduce
Steps to reproduce the behavior:

1. Execute an Import with relative path, and the job is able to browse the path and import potentially malicious data.

Expected behavior
Reject the invalid path.

Additional context
@lmsurpre identfied

[lmsurpre]

I confirmed that relative paths are now prevented in preflight:

{
    "resourceType": "OperationOutcome",
    "id": "7f-0-0-1-d4b3528c-c24c-40e2-be52-55dc0a7a2ac2",
    "issue": [
        {
            "severity": "fatal",
            "code": "invalid",
            "details": {
                "text": "The path is outside the accepted base path"
            },
            "expression": [
                "<empty>"
            ]
        }
    ]
}

I also confirmed that the error is the same whether the path exists or not, so we are not leaking info about what files exist or not on the system (good).

If a user has access to the internal liberty batch endpoints, its still possible to import files outside fileBase, but that definitely seems acceptable to me.

Note: I also tried passing a path like ~/test and ${PWD}/test it interpreted those relative to the fileBase (/tmp/fhir-server/test/~/fakename and /tmp/fhir-server/test/$PWD/fakename respectively) and submitted the job with success.
Based on this, I added the following comment to an existing issue with a recommended update to the PreFlight check:
#2083 (comment)