test: add path traversal security test cases for MCP exec_script handler

[jongio]

Summary

The handleExecScript() handler in mcp.go validates that script paths are contained within the project directory, but the test suite does not include path traversal attack vectors. Similarly, the executor's file path validation in executor.go (lines 82-107) lacks tests for symlink resolution, Windows UNC paths, and normalization edge cases.

Impact

• Path traversal is a critical security boundary for the MCP server — it prevents execution of arbitrary scripts outside the project
• Without explicit adversarial test cases, future refactors could inadvertently weaken this validation
• Windows-specific path edge cases (UNC paths, alternate data streams, 8.3 short names) are not covered

Current Test Coverage

What IS tested (mcp_test.go:393-445):

• Script path with valid project-relative path
• Nonexistent file rejection
• Directory path rejection
• Empty path rejection

What is NOT tested:

• Relative path traversal: ../../etc/passwd or ....\windows\system32\cmd.exe
• Null byte injection: script.sh%00.txt
• Windows UNC paths: \\server\share\script.sh
• Symlink following: symlink inside project pointing outside
• Path with embedded dot segments: /project/./../../outside/script.sh
• Case sensitivity edge cases on case-insensitive filesystems

Recommendation

Add a dedicated test table in mcp_test.go with adversarial path inputs:

1. Path traversal variants: ../../, ...., mixed separators
2. Null bytes: embedded %00 characters
3. Windows-specific: UNC paths, 8.3 short names, ADS (alternate data streams)
4. Symlinks: Create temp symlink pointing outside project dir, verify rejection
5. Normalization: Paths with redundant separators, trailing dots, embedded ./

Each test case should verify the handler returns an error and does NOT attempt execution.