Detect relative path traversal in shell executor sandbox #308

@bug-ops

Context

Security audit (2026-02-15) found that zeph-tools/src/shell.rs:215-230 only validates absolute paths. Relative paths with .. are not checked.

Severity

Low — mitigated by default blocklist and permission policy framework.

Proposed fix

Extend extract_absolute_paths to also detect relative paths and .. traversal:

fn extract_all_file_paths(code: &str) -> Vec<&str> {
    code.split_whitespace()
        .filter(|token| {
            token.starts_with('/') ||
            token.starts_with("./") ||
            token.starts_with("../") ||
            token.contains("..")
        })
        .collect()
}

Canonicalize all extracted paths before sandbox validation.

Acceptance criteria

  • Relative paths and .. traversal detected by sandbox
  • Existing absolute path validation still works
  • Tests cover relative path rejection
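
One way the "extract, canonicalize, then validate" flow could look, as an added example that is not code from the zeph-tools repository. The names `normalize` and `escaping_paths`, the `/sandbox` root and the sample commands are assumptions made for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Token filter from the proposed fix (`contains("..")` also covers "../").
fn extract_all_file_paths(code: &str) -> Vec<&str> {
    code.split_whitespace()
        .filter(|t| t.starts_with('/') || t.starts_with("./") || t.contains(".."))
        .collect()
}

/// Hypothetical helper: lexically resolve `raw` against `cwd`, collapsing
/// `.` and `..`. Unlike std::fs::canonicalize it works for paths that do not
/// exist yet, but it does not follow symlinks.
fn normalize(cwd: &Path, raw: &str) -> PathBuf {
    let mut out = PathBuf::new();
    // `join` replaces `cwd` entirely when `raw` is absolute.
    for part in cwd.join(raw).components() {
        match part {
            Component::CurDir => {}
            // At the root `pop` is a no-op, so "/.." stays "/".
            Component::ParentDir => { out.pop(); }
            other => out.push(other.as_os_str()),
        }
    }
    out
}

/// Hypothetical helper: tokens whose normalized form lies outside `sandbox_root`.
/// `Path::starts_with` compares whole components, so "/sandbox2" does not
/// count as being inside "/sandbox".
fn escaping_paths<'a>(code: &'a str, cwd: &Path, sandbox_root: &Path) -> Vec<&'a str> {
    extract_all_file_paths(code)
        .into_iter()
        .filter(|t| !normalize(cwd, t).starts_with(sandbox_root))
        .collect()
}

fn main() {
    // Constructed sandbox layout and commands.
    let root = Path::new("/sandbox");
    let cwd = Path::new("/sandbox/work");
    for cmd in ["cat ../../etc/passwd", "cat ./notes/../a.txt", "ls /sandbox/../etc"] {
        println!("{:?} -> rejected tokens: {:?}", cmd, escaping_paths(cmd, cwd, root));
    }
}
```

Because the whitespace split keeps shell quoting attached to the token, a quoted argument such as `"../x"` passes the filter but is normalized with its quote characters included, so real input needs unquoting before this check.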

Labels: security (Security hardening), tools (Tool execution and MCP integration)
