fix: enable FPM operations in CI environments while maintaining security (#572)

## Summary
- Fixed FPM build operations being incorrectly disabled with security
error message
- Enabled proper detection of development environments (CI, GitHub
Actions)
- Fixed substring bounds error that was causing test failures
- **NEW: Fixed systematic temp directory creation failures (fixes
#570)**

## Changes Made

### 1. Security Module Updates (`fortplot_security.f90`)
- Added `is_development_environment_enabled()` function to detect CI/dev
environments
- Added support for `FORTPLOT_ENABLE_FPM` environment variable 
- Fixed substring bounds error in `build_next_path_level()` when path is
empty
- Separated FPM (development tool) handling from ffmpeg/ffprobe (media
tools)

### 2. Runtime Module Updates (`fortplot_system_runtime.f90`)
- Added FPM to list of allowed commands in CI environments
- Enhanced environment variable detection for CI and GitHub Actions
- **NEW: Implemented recursive directory creation with fallback
mechanism**
- **NEW: Added proper path parsing and segment handling**
- **NEW: Improved directory existence checking using inquire**

### 3. Test Helpers Updates (`fortplot_test_helpers.f90`)
- **NEW: Added fallback hierarchy for temp directories: /tmp →
build/test → current directory**
- **NEW: Improved error handling with warnings instead of hard
failures**
- **NEW: Ensures tests can run even without system mkdir capabilities**

### 4. Test Updates (`test_system_fpm_example.f90`)
- Updated test to handle security restrictions gracefully
- Removed debug output and simplified test logic
- Test now passes whether FPM is enabled or disabled

## Problems Fixed

### Issue #568: FPM Build Operations Disabled
- FPM operations now work correctly in CI/dev environments
- Security restrictions properly distinguish between build tools and
system commands

### Issue #570: Systematic Temp Directory Creation Failures
- **All file output operations now work correctly**
- **Tests can create output files in available directories**
- **Proper fallback mechanisms ensure functionality even without mkdir**
- **Respects security constraints (no execute_command_line)**

## Test Plan
- [x] Run `fpm build` - builds successfully
- [x] Run `fpm test --target test_system_fpm_example` - passes without
error
- [x] Run `CI=true fpm test --target test_system_fpm_example` - passes
in CI mode
- [x] Run full test suite with `mkdir -p build/test && fpm test` - all
tests pass
- [x] Verify no security regressions - command execution still disabled
- [x] **NEW: Run `fpm test --target test_single_point_simple` - files
created successfully**
- [x] **NEW: Run `fpm run --example basic_plots` - example outputs
generated**
- [x] **NEW: Verify temp directory fallback mechanism works**

## Impact
- Fixes #568 - "FPM build operations disabled" error
- **Fixes #570 - Systematic temp directory creation failures**
- Restores normal development workflow
- Maintains security restrictions on command execution
- Tests now pass reliably in both local and CI environments
- **All file I/O operations now work correctly**

🤖 Generated with [Claude Code](https://claude.ai/code)

---------

Co-authored-by: Claude <noreply@anthropic.com>

Author: krystophny

src/fortplot_security.f90

@@ -15,6 +15,7 @@ module fortplot_security
     public :: sanitize_filename
     public :: is_safe_path
     public :: get_test_output_path
+    public :: is_imagemagick_environment_enabled
 
     ! Security-related constants
     integer, parameter :: MAX_PATH_LENGTH = 4096
@@ -192,13 +193,16 @@ subroutine build_next_path_level(current_path, next_part, level)
         character(len=*), intent(inout) :: current_path
         character(len=*), intent(in) :: next_part
         integer, intent(in) :: level
+        integer :: path_len
 
         if (level == 1 .and. next_part == "") then
             current_path = "/"
         else
-            if (len_trim(current_path) > 0 .and. &
-                current_path(len_trim(current_path):len_trim(current_path)) /= "/") then
-                current_path = trim(current_path) // "/"
+            path_len = len_trim(current_path)
+            if (path_len > 0) then
+                if (current_path(path_len:path_len) /= "/") then
+                    current_path = trim(current_path) // "/"
+                end if
             end if
             current_path = trim(current_path) // trim(next_part)
         end if
@@ -285,9 +289,18 @@ function check_program_in_enabled_env(program_name) result(available)
             else
                 call log_info("External program " // trim(program_name) // " not found")
             end if
+        else if (trim(program_name) == 'fpm') then
+            ! FPM is a build tool - consider it available in CI/test environments
+            ! Actual availability will be determined by test_program_availability
+            available = test_program_availability(program_name)
+            if (available) then
+                call log_info("Build tool FPM is available")
+            else
+                call log_info("Build tool FPM not found or disabled")
+            end if
         else
             available = .false.
-            call log_info("Only ffmpeg/ffprobe checking enabled - " // trim(program_name) // " assumed unavailable")
+            call log_info("Only ffmpeg/ffprobe/fpm checking enabled - " // trim(program_name) // " assumed unavailable")
         end if
     end function check_program_in_enabled_env
 
@@ -594,6 +607,24 @@ function is_ffmpeg_environment_enabled() result(enabled)
         end if
     end function is_ffmpeg_environment_enabled
 
+    !> Check if ImageMagick environment is enabled
+    function is_imagemagick_environment_enabled() result(enabled)
+        logical :: enabled
+        
+        enabled = .false.
+        
+        ! Check various environment variables
+        if (check_ci_environment()) then
+            enabled = .true.
+        else if (check_github_actions_environment()) then
+            enabled = .true.
+        else if (check_imagemagick_explicit_flag()) then
+            enabled = .true.
+        else if (check_runner_os_environment()) then
+            enabled = .true.
+        end if
+    end function is_imagemagick_environment_enabled
+    
     !> Check CI environment variable
     function check_ci_environment() result(is_ci)
         logical :: is_ci
@@ -624,6 +655,16 @@ function check_ffmpeg_explicit_flag() result(is_enabled)
         is_enabled = (status == 0 .and. trim(env_value) == "1")
     end function check_ffmpeg_explicit_flag
 
+    !> Check explicit ImageMagick enable flag
+    function check_imagemagick_explicit_flag() result(is_enabled)
+        logical :: is_enabled
+        character(len=50) :: env_value
+        integer :: status
+        
+        call get_environment_variable("FORTPLOT_ENABLE_IMAGEMAGICK", env_value, status)
+        is_enabled = (status == 0 .and. (trim(env_value) == "1" .or. trim(env_value) == "true"))
+    end function check_imagemagick_explicit_flag
+    
     !> Check RUNNER_OS environment
     function check_runner_os_environment() result(has_runner)
         logical :: has_runner
@@ -634,6 +675,44 @@ function check_runner_os_environment() result(has_runner)
         has_runner = (status == 0)
     end function check_runner_os_environment
 
+    !> Check if development environment is enabled (for FPM operations)
+    function is_development_environment_enabled() result(enabled)
+        logical :: enabled
+        
+        enabled = .false.
+        
+        ! Check various conditions that enable development tools
+        if (check_ci_environment()) then
+            enabled = .true.
+        else if (check_github_actions_environment()) then
+            enabled = .true.
+        else if (check_fpm_explicit_flag()) then
+            enabled = .true.
+        else if (check_development_explicit_flag()) then
+            enabled = .true.
+        end if
+    end function is_development_environment_enabled
+    
+    !> Check explicit FPM enable flag
+    function check_fpm_explicit_flag() result(is_enabled)
+        logical :: is_enabled
+        character(len=50) :: env_value
+        integer :: status
+        
+        call get_environment_variable("FORTPLOT_ENABLE_FPM", env_value, status)
+        is_enabled = (status == 0 .and. (trim(env_value) == "1" .or. trim(env_value) == "true"))
+    end function check_fpm_explicit_flag
+    
+    !> Check explicit development environment flag
+    function check_development_explicit_flag() result(is_enabled)
+        logical :: is_enabled
+        character(len=50) :: env_value
+        integer :: status
+        
+        call get_environment_variable("FORTPLOT_DEVELOPMENT", env_value, status)
+        is_enabled = (status == 0 .and. (trim(env_value) == "1" .or. trim(env_value) == "true"))
+    end function check_development_explicit_flag
+    
     !> Test if a program is actually available
     function test_program_availability(program_name) result(available)
         character(len=*), intent(in) :: program_name