fix: validate manifest keys to prevent path traversal #165

Open

sanskar0627 wants to merge 1 commit into m-lab:main from sanskar0627:fix/manifest-path-validation

Conversation


@sanskar0627 sanskar0627 commented Feb 20, 2026

What

This PR adds validation of manifest keys in diff() to prevent path traversal.
Fixes #164

Why

_validate_cache_path() currently only validates locally scanned files but is not applied to manifest keys when iterating them in diff(). A corrupted or tampered manifest could include keys like ../../etc/cron.d/evil, which would cause downstream consumers (cache pull, cache push) to write files outside the intended data directory.

The fix reuses the existing _validate_cache_path() validator, which already enforces the expected cache/v1/{timestamp}/{timestamp}/{name}/{file} format and applies it to manifest keys before they're yielded as DiffEntry objects. Invalid keys are logged and skipped.

Changes

  • Apply _validate_cache_path() to manifest keys in diff(), skipping and logging invalid entries
  • Added tests for traversal keys, embedded .. sequences, and mixed valid/invalid manifests
  • Added end-to-end test confirming cache pull ignores manifests with traversal keys

Testing

All 291 tests pass. Ruff and Pyright report no issues.

$ uv run pytest tests/ -v
291 passed in 0.93s
$ uv run ruff check src/ tests/
All checks passed!
$ uv run pyright src/ tests/
0 errors, 0 warnings, 0 informations
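The validation described in the PR body, as an added example that is not the project's own code: a `_validate_cache_path()` that enforces the `cache/v1/{timestamp}/{timestamp}/{name}/{file}` layout and rejects any `..` segment, and a `diff()` that logs and skips manifest keys failing it. The timestamp format, the `DiffEntry` fields and the `diff()` signature are assumptions; the manifest and local keys are constructed sample data.

```python
import logging
import posixpath
import re
from dataclasses import dataclass
from typing import Iterator

log = logging.getLogger(__name__)

# Expected key layout from the PR: cache/v1/{timestamp}/{timestamp}/{name}/{file}.
# The timestamp shape (assumed: YYYY-MM-DDThh:mm:ssZ) is an assumption for this example.
_TS = r"\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z"
_KEY_RE = re.compile(rf"^cache/v1/{_TS}/{_TS}/[A-Za-z0-9_.-]+/[A-Za-z0-9_.-]+$")


def _validate_cache_path(key: str) -> bool:
    """Return True only for keys that match the cache layout and cannot escape it."""
    if not _KEY_RE.fullmatch(key):
        return False  # wrong depth, absolute path, empty segment or foreign characters
    # The name/file character class admits "." and "..", so reject those segments
    # explicitly, and require the key to already be in normalized form.
    parts = key.split("/")
    if any(p in (".", "..") for p in parts):
        return False
    return posixpath.normpath(key) == key


@dataclass(frozen=True)
class DiffEntry:
    key: str
    in_local: bool
    in_manifest: bool


def diff(manifest: dict[str, str], local_keys: set[str]) -> Iterator[DiffEntry]:
    """Yield one entry per key; manifest keys that fail validation are logged and skipped."""
    for key in manifest:
        if not _validate_cache_path(key):
            log.warning("skipping manifest key with invalid path: %r", key)
            continue
        yield DiffEntry(key, key in local_keys, True)
    for key in sorted(local_keys - manifest.keys()):
        yield DiffEntry(key, True, False)


# Constructed sample manifest mixing a valid key, a bare traversal key and an embedded "..".
SAMPLE_MANIFEST = {
    "cache/v1/2026-02-20T00:00:00Z/2026-02-20T01:00:00Z/ndt7/result.json": "sha-a",
    "../../etc/cron.d/evil": "sha-b",
    "cache/v1/2026-02-20T00:00:00Z/2026-02-20T01:00:00Z/../evil": "sha-c",
}
SAMPLE_LOCAL = {"cache/v1/2026-02-20T00:00:00Z/2026-02-20T01:00:00Z/ndt7/result.json"}
```

Running `list(diff(SAMPLE_MANIFEST, SAMPLE_LOCAL))` yields only the valid key; the two traversal keys are logged at WARNING and never become `DiffEntry` objects.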

@bassosimone (Collaborator)

After listing our project for GSoC, we received a large amount of pull requests across several repositories. We are dealing with the backlog, but this would take time. We will get back to this pull request eventually. In the meanwhile, if you are a GSoC applicant, please read our updated GSoC policy: https://github.com/m-lab/gsoc/.



Development

Successfully merging this pull request may close these issues.

manifest keys are not validated, allowing path traversal
