fix: DLL hijacking vulnerability in c2patool (CAI-8608)

[scouten-adobe]

No description provided.

[codspeed-hq]

Merging this PR will not alter performance

✅ 30 untouched benchmarks
⏩ 64 skipped benchmarks¹

---

_{Comparing CAI-8608/dll-hijacking-vuln (37ef04f) with main (1c65e75)}

Footnotes

1. 64 benchmarks were skipped, so the baseline results were used instead. If they were deleted from the codebase, click here and archive them to remove them from the performance reports. ↩

[codecov]

Codecov Report

❌ Patch coverage is 65.92885% with 431 lines in your changes missing coverage. Please review.
✅ Project coverage is 78.60%. Comparing base (1982f5e) to head (37ef04f).
⚠️ Report is 107 commits behind head on main.

Files with missing lines	Patch %	Lines
cli/src/main.rs	37.34%	297 Missing ⚠️
cli/src/signer.rs	2.27%	43 Missing ⚠️
sdk/src/assertions/actions.rs	26.92%	19 Missing ⚠️
sdk/src/asset_handlers/jpegxl_io.rs	45.45%	18 Missing ⚠️
c2pa_c_ffi/src/c_api.rs	83.82%	11 Missing ⚠️
sdk/src/asset_handlers/bmff_io.rs	88.37%	10 Missing ⚠️
sdk/src/asset_handlers/jpeg_io.rs	92.24%	10 Missing ⚠️
sdk/src/asset_handlers/png_io.rs	92.38%	8 Missing ⚠️
sdk/src/asset_handlers/gif_io.rs	89.74%	4 Missing ⚠️
sdk/src/assertions/bmff_hash.rs	97.98%	3 Missing ⚠️
... and 5 more

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #2031      +/-   ##
==========================================
+ Coverage   77.70%   78.60%   +0.90%     
==========================================
  Files         176      176              
  Lines       44645    46361    +1716     
==========================================
+ Hits        34691    36443    +1752     
+ Misses       9954     9918      -36     

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[tmathern]

https://learn.microsoft.com/en-us/windows/win32/api/libloaderapi/nf-libloaderapi-setdefaultdlldirectories

SetDefaultDllDirectories has a return value, a bool indicating success. Shouldn't the result of this call be checked then?

Should not fail, but while hardening...