[BUG] [v0.0.7] files/read and files/tree skip allowed-root validation

[wltt1004]

Summary

/api/v1/files/read and /api/v1/files/tree accept arbitrary paths without any allowed-root/path-security validation.

validate_path_for_read/validate_path_for_write/delete is used for mutating operations, but read/file-tree operations bypass these checks and operate on raw std::path::Path input.

Evidence

• src/cortex-app-server/src/api/files.rs:193-215 (read_file)
• src/cortex-app-server/src/api/files.rs:90-190 (get_file_tree)
• No calls to path_security::validate_path_for_read or safe canonicalization checks in these functions.

Impact

• Any reachable instance can expose arbitrary server filesystem contents to API callers (for example /etc/passwd, service keys, or source files outside the intended workspace).
• This is independent from the existing mkdir/rename validation gap and adds a separate read/listing disclosure vector.

Reproduction

POST /api/v1/files/read with body:
{ "path": "/etc/passwd" }

If path exists, the server returns file contents.

GET /api/v1/files/tree?path=/etc can similarly enumerate arbitrary directory trees.

Expected

All file endpoints should enforce the same path policy (validate_path_safe with allowed roots/symlink checks) unless explicitly documented as admin-only.

Suggested Fix

• Apply consistent validation (validate_path_for_read or equivalent) to read_file and get_file_tree.
• Add path allowlist tests for /etc, /proc, and symlink escape cases.