Constrain tar driver paths to image root #555

Open
fsabiu wants to merge 1 commit into GoogleContainerTools:main from fsabiu:fix/root-confine-tar-driver-paths

@fsabiu fsabiu commented May 3, 2026

This change adds root-confined path resolution for tar-backed image filesystem paths.

It treats absolute image paths as absolute inside the extracted image root, resolves symlink targets using image-root semantics, rejects traversal above that root, and applies the helper to tar extraction plus tar-driver StatFile, ReadFile, and ReadDir.

Tests added cover:

  • rejecting tar entries, symlinks, and hardlinks that escape the extraction root
  • preserving symlink resolution for valid image-root paths
  • rejecting tar-driver file operations that escape the image root

Local validation:

  • go test ./internal/pkgutil ./pkg/drivers -count=1

Contributor

@gemini-code-assist gemini-code-assist Bot left a comment

Code Review

This pull request introduces a secure path resolution utility, ResolvePathInRoot, designed to prevent path traversal and ensure all file operations remain within a specified root directory. This utility is integrated into the tar unpacking logic and the TarDriver to safely handle symlinks and hard links. A review comment identifies a bug in hard link creation where symlinks are incorrectly followed; it is recommended to set followFinalSymlink to false for tar.TypeLink entries to ensure the link points to the entry itself rather than its target.

Comment thread internal/pkgutil/tar_utils.go Outdated
@fsabiu fsabiu force-pushed the fix/root-confine-tar-driver-paths branch from 693053b to 2abf6c4 Compare May 3, 2026 20:01
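
As an added illustration of the root-confined resolution discussed in this thread (not the PR's `ResolvePathInRoot` code), the Go function below walks an image path component by component, restarts absolute symlink targets at the image root, and rejects `..` above it. The name `resolveInRoot`, the `followFinal` parameter, the 40-hop limit and a POSIX host are assumptions.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// resolveInRoot maps an image path to a host path under root; absolute paths and
// absolute link targets restart at root. followFinal=false keeps a trailing symlink.
func resolveInRoot(root, imgPath string, followFinal bool) (string, error) {
	todo := strings.Split(filepath.ToSlash(imgPath), "/")
	var done []string // components already resolved below root
	for hops := 0; len(todo) > 0; {
		c := todo[0]
		todo = todo[1:]
		switch c {
		case "", ".":
			continue
		case "..":
			if len(done) == 0 {
				return "", fmt.Errorf("%q escapes image root", imgPath)
			}
			done = done[:len(done)-1]
			continue
		}
		cur := filepath.Join(root, filepath.Join(done...), c)
		fi, err := os.Lstat(cur)
		if err != nil || fi.Mode()&os.ModeSymlink == 0 || (len(todo) == 0 && !followFinal) {
			done = append(done, c) // plain or missing entry, or final link kept as-is
			continue
		}
		target, err := os.Readlink(cur)
		if hops++; err != nil || hops > 40 { // 40 is an assumed cap that stops link loops
			return "", fmt.Errorf("%q: unreadable or looping symlink", imgPath)
		}
		if strings.HasPrefix(filepath.ToSlash(target), "/") {
			done = nil // absolute target: restart at the image root
		}
		todo = append(strings.Split(filepath.ToSlash(target), "/"), todo...)
	}
	return filepath.Join(root, filepath.Join(done...)), nil
}

func main() { // usage: prog <root> <image-path>
	if len(os.Args) == 3 {
		fmt.Println(resolveInRoot(os.Args[1], os.Args[2], true))
	}
}
```

Calling it with `followFinal=false` gives the behaviour the review asks for on `tar.TypeLink` entries: the result names the entry itself rather than a symlink's target. The result is only safe while nothing else modifies the tree under `root` between resolution and use.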