Project and workspace APIs should reject paths with `.` or `..` segments

[alexrp]

celerity/src/language/tooling/Projects/ProjectConfiguration.cs

Lines 86 to 99 in 29063c1

	var path = "src";
	if (root.TryGetProperty("path"u8, out var pathProp))
	{
	if (pathProp.ValueKind != JsonValueKind.String)
	Error("'path' property, if present, must be a string.");
	path = Path.TrimEndingDirectorySeparator(pathProp.GetString()!);
	if (Path.IsPathFullyQualified(path))
	Error("'path' property, if present, must be relative.");
	// TODO: It would be good to verify that the path does not contain any . or .. segments.
	}

celerity/src/language/tooling/Projects/ProjectConfiguration.cs

Lines 101 to 130 in 29063c1

	var paths = ImmutableDictionary<ModulePath, string>.Empty;
	if (root.TryGetProperty("paths"u8, out var pathsProp))
	{
	if (pathsProp.ValueKind != JsonValueKind.Object)
	Error("'paths' property, if present, must be an object.");
	foreach (var prop in pathsProp.EnumerateObject())
	{
	if (!ModulePath.TryCreate(prop.Name, out var modPath))
	Error($"Module path '{prop.Name}' is invalid.");
	if (paths.ContainsKey(modPath))
	Error($"Module path '{prop.Name}' has multiple entries.");
	var value = prop.Value;
	if (value.ValueKind != JsonValueKind.String)
	Error($"Directory path for module path '{prop.Name}' must be a string.");
	var dir = Path.TrimEndingDirectorySeparator(value.GetString()!);
	if (Path.IsPathFullyQualified(dir))
	Error($"Directory path for module path '{prop.Name}' must be relative.");
	// TODO: It would be good to verify that the path does not contain any . or .. segments.
	paths = paths.SetItem(modPath, dir);
	}
	}

celerity/src/language/tooling/Workspaces/WorkspaceWatcher.cs

Lines 14 to 20 in 29063c1

	internal static bool IsValidPath(string path)
	{
	Check.NullOrWhiteSpace(path);
	// TODO: It would be good to verify that the path does not contain any . or .. segments.
	return !Path.IsPathFullyQualified(path) && Path.GetExtension(path) == ".cel";
	}

[alexrp]

This is trivial enough on Unix, I think. I just don't know if Windows (with its insane complexity around paths) has any gotchas here...