Security patch v0.13.4

@Wauplin Wauplin released this 06 Apr 15:05
· 545 commits to main since this release

Security patch to fix a vulnerability in huggingface_hub. In some cases, downloading a file with hf_hub_download or snapshot_download could lead to overwriting any file on a Windows machine. With this fix, only files in the cache directory (or a user-defined directory) can be updated/overwritten.

  • Malicious repo can overwrite any file on disk #429 @Wauplin

Full Changelog: v0.13.3...v0.13.4