## Summary Reject `organize` source entries that resolve outside the part install directory. This fixes cases where `organize` could read from absolute paths or use directory traversal to escape the install directory. ## Testing - `ruff check craft_parts/executor/organize.py tests/unit/executor/test_organize.py tests/unit/features/partitions/executor/test_organize.py` - `pytest -q tests/unit/executor/test_organize.py -rs` - `pytest -q tests/unit/features/partitions/executor/test_organize.py -rs` ## Notes This keeps normalized in-tree paths working, such as `dir/../foo`, while rejecting absolute and escaping source paths.