fix(security) : Fix race condition in file write operations (Symlink TOCTOU)

[l3tchupkt]

fixes(#1148)
Prevent symlink race condition attacks in WriteFiles() that could allow
arbitrary file writes outside the project directory.

Changes:

• Validate contentDir hasn't been swapped with symlink
• Check parent directory chain for symlink attacks
• Use O_NOFOLLOW | O_EXCL flags for atomic file writes
• Detect and block race conditions during file creation

Fixes: TOCTOU vulnerability in pull/clone operations

• [x ] npm run test succeeds.
• [ x] npm run lint succeeds.
• Appropriate changes to README are included in PR.

[l3tchupkt]

@sqrrrl please review!!

[l3tchupkt]

Hey @sqrrrl , since this fix addresses a TOCTOU vulnerability that could lead to arbitrary file writes, do you think it makes sense to track it as a security advisory or CVE?

Happy to help with details or writeup if needed.

[l3tchupkt]

also can you check #1145? I fixed the conflicts there.