feat(565): update dir and file input to support working dir

[matthiasbruns]

Cherry picking constructor changes from #540

What this PR does / why we need it

Resolve file/dir inputs relative to the constructor file by wiring a filesystem working directory through input methods; default-deny path escapes with an explicit opt-out.

Changes (high level):

• Added WorkingDirectory handling to the input bindings

Which issue(s) this PR fixes

Fixes #565

[fabianburth]

Would it make sense to put the ensureWdOrPath function as a public function somewhere, so it can be reused?

[matthiasbruns]

Would it make sense to put the ensureWdOrPath function as a public function somewhere, so it can be reused?

I askes @jakobmoellerdev where this place would be - maybe you can give me a pointer :D

[jakobmoellerdev]

for reuse of your function consider something like

func GetBlobInWorkingDirectory(path, workingDir string) (*Blob, error) {
	path, err := ensureWdOrPath(path, workingDir)
	if err != nil {
		return nil, err
	}
	return GetBlobFromOSPath(path)
}

in the blob/filesystem bindings

[matthiasbruns]

for reuse of your function consider something like

func GetBlobInWorkingDirectory(path, workingDir string) (*Blob, error) {
	path, err := ensureWdOrPath(path, workingDir)
	if err != nil {
		return nil, err
	}
	return GetBlobFromOSPath(path)
}

in the blob/filesystem bindings

#557

After pr #572 557 is merged, I will update this one

[fabianburth]

I know this was like this before you touched it already, but since the tests make a lot of asserts (require.NoError(t,...)), we might want to think about introducing an r := require.New(t) and to be able to subsequently call r.NoError(...) without having to pass the testing environment.
You can check other tests for reference.

[matthiasbruns]

I hope I covered all requests now and we can merge this thing :D @fabianburth

[Copilot]

Pull Request Overview

This PR adds working directory support to file and directory input methods, allowing path resolution relative to a constructor file while preventing path traversal attacks. The changes enable secure file/directory handling with configurable working directory settings.

• Added WorkingDirectory field to InputMethod structs in both file and dir packages
• Introduced NewInputMethod constructors that accept a working directory parameter
• Updated blob processing functions to accept and use working directory for path resolution

Reviewed Changes

Copilot reviewed 6 out of 6 changed files in this pull request and generated 5 comments.

Show a summary per file

File	Description
bindings/go/input/file/method.go	Added WorkingDirectory field and NewInputMethod constructor; updated ProcessResource to use working directory
bindings/go/input/file/blob_test.go	Updated test calls to GetV1FileBlob to include working directory parameter
bindings/go/input/file/blob.go	Modified GetV1FileBlob to accept working directory and use filesystem.GetBlobInWorkingDirectory
bindings/go/input/dir/method.go	Added WorkingDirectory field and NewInputMethod constructor; updated ProcessResource to use working directory
bindings/go/input/dir/blob_test.go	Updated test calls to GetV1DirBlob to include working directory parameter
bindings/go/input/dir/blob.go	Modified GetV1DirBlob to accept working directory and added path validation

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}