fix: enforce path validation for push/attach and improve path traversal failure message for pull

[suganyas]

What this PR does / why we need it:
I just tried to push an artifact file from linux environment from a absolute path or from different directory. The path is implicitly taken by the oras cli or oras sdk when I pushed it. Like the file was in a directory /home/vts/1/a.exe. and I pushed from /home/test. I am ok if the push fails stating me that the file is not in the current directory and for security reasons you have to be in same working directory. But the push passes and pull fails . So disallow is a much better option. I am sure when I used ORAS python SDK it did fail with error stating as here https://github.com/oras-project/oras-py/blob/209c9b98043a00d1b04789cc2967ca7021dc5b2e/oras/provider.py#L651 . The CLI should have same behaviour as SDK. Then push and pull are coherent. It can be a bad experience when push is ok and pull fails and when different people do it can be hard for people to understand why it fails and also cross platform can fail if it is not intentional

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #
#980
#983
#978
Please check the following list:

• Does the affected code have corresponding tests, e.g. unit test, E2E test?
• Does this change require a documentation update?
• Does this introduce breaking changes that would require an announcement or bumping the major version?
• Do all new files have an appropriate license header?

Screenshot showing the scenarios tested

[qweeah]

Can you help rename the PR following the conventional commits? Thanks

[codecov-commenter]

Codecov Report

Attention: Patch coverage is 36.84211% with 12 lines in your changes missing coverage. Please review.

Project coverage is 80.94%. Comparing base (bf33bb7) to head (ae964ec).
Report is 330 commits behind head on main.

Files with missing lines	Patch %	Lines
cmd/oras/internal/option/packer.go	43.75%	6 Missing and 3 partials ⚠️
cmd/oras/root/pull.go	0.00%	2 Missing and 1 partial ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main     #988      +/-   ##
==========================================
- Coverage   81.26%   80.94%   -0.33%     
==========================================
  Files          53       53              
  Lines        2776     2792      +16     
==========================================
+ Hits         2256     2260       +4     
- Misses        352      360       +8     
- Partials      168      172       +4     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

[qweeah]

LGTM

[shizhMSFT]

LGTM

[qweeah]

LGTM