[SECURITY] Audit and harden archive extraction against Path Traversal (Zip Slip) #7

@aarchiev

Problem

When unpacking a directory (handling a .tar stream), we need to ensure that the archived paths do not contain relative paths (e.g., ../../) that could write files outside the destination directory.

Solution

  1. Verify that the tar crate dependency handles path sanitization securely by default.
  2. If not, manually check entry.path() during iteration in the unpack function to ensure it doesn't escape the target root.

Context

This is critical for rstf as it claims to be a secure tool.
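
One way to implement the manual check from step 2, as an added example that is not rstf's code: a std-only, lexical check that rejects any entry path containing `..`, a root, or a drive prefix. `safe_join`, `audit`, the destination `/srv/out` and the entry names are hypothetical and constructed for illustration.

```rust
use std::path::{Component, Path, PathBuf};

/// Lexically join an archive entry path onto `root`.
/// Returns None when the entry is absolute, carries a Windows prefix,
/// contains any `..` component, or names nothing at all.
fn safe_join(root: &Path, entry: &Path) -> Option<PathBuf> {
    let mut out = root.to_path_buf();
    let mut pushed = false;
    for comp in entry.components() {
        match comp {
            Component::Normal(part) => {
                out.push(part);
                pushed = true;
            }
            Component::CurDir => {} // "./" is harmless
            // "..", "/" and "C:\" can all move the write outside `root`.
            Component::ParentDir | Component::RootDir | Component::Prefix(_) => return None,
        }
    }
    if pushed { Some(out) } else { None }
}

/// Return the entry names from `names` that must be skipped.
fn audit<'a>(root: &Path, names: &[&'a str]) -> Vec<&'a str> {
    names
        .iter()
        .copied()
        .filter(|n| safe_join(root, Path::new(n)).is_none())
        .collect()
}

fn main() {
    // Constructed entry names, not taken from a real archive.
    let names = ["docs/./readme.txt", "../../etc/passwd", "/etc/passwd", "a/../../b", ""];
    let root = Path::new("/srv/out"); // hypothetical destination
    for n in names.iter() {
        match safe_join(root, Path::new(n)) {
            Some(p) => println!("ok     {:?} -> {}", n, p.display()),
            None => println!("reject {:?}", n),
        }
    }
    println!("rejected: {:?}", audit(root, &names));
}
```

In the unpack loop this would be applied to each `entry.path()` before anything is written. The check is lexical only, so symlink and hard-link entries need their own handling.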
