fix(security): prevent Zip Slip path traversal vulnerability in input…

[zhenliemao]

Summary

This PR fixes CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability also known as Zip Slip.

Problem

The _extract_zip method in input_handler.py was using ZipFile.extractall() without any path validation, which allowed malicious zip files containing path traversal sequences (../) to write files outside the intended extraction directory.

Solution

Use Python 3.12+'s built-in filter="data" parameter for extractall(), which automatically rejects dangerous entries:

• Path traversal sequences (../ or Windows equivalent \..)
• Symbolic links
• Device files and other special file types

This is the official recommended secure extraction method from Python's standard library documentation.

Testing

1. Create a malicious zip file with path traversal entries:

   import zipfile
   with zipfile.ZipFile("malicious.zip", "w") as zf:
       zf.writestr("../../tmp/evil.py", "print('exploited')")

2. Attempt to scan the malicious zip:
   skillspector scan malicious.zip
3. Before this fix: The file would be extracted to /tmp/evil.py (outside the temp directory)
4. After this fix: Extraction fails safely with an error

Impact

• Security: High - prevents arbitrary file write vulnerability
• Backward compatibility: Full - Python 3.12+ is already the minimum required version in pyproject.toml
• Performance: No impact - filter is applied during extraction with negligible overhead

Fixes #109

Checklist

• I have read the CONTRIBUTING document
• My code follows the existing coding standards
• All existing tests pass
• My commit is signed off (DCO)

---