fn safe_resolve(user_path: &str) -> Result<PathBuf>Expand description
Resolve a user-supplied path and ensure it stays within the workspace root. Returns the canonical path on success, or an error if the path escapes the allowed directory (path traversal).