Status: Open
Labels: enhancement (New feature or request)
Description
Problem
Copilot review of PR #454 identified that assertNotSymlink only checks the leaf path. An attacker could place a symlink at a parent directory (e.g., .dev-team/hooks → /tmp/evil) and file operations would follow it even though the leaf path check passes on ENOENT.
Proposed change
Add an assertNoSymlinkInPath() function that walks up from the target path, checking each existing ancestor with lstatSync. Call it before mkdir/copy/rename operations on user-influenced paths.
Low priority — the attacker would need filesystem access to the project directory, and the race window is microseconds. But it's a defense-in-depth improvement.