Reject path-traversal entries in test fixture ZIP extraction

Copilot review on #426 flagged that extract_addon_from_zip() trusted
the zip entry path after only checking the addons/godot_ai/ prefix;
a member like addons/godot_ai/../../outside would let target_addon/rel
escape the fixture directory. The runtime installer's
_is_safe_zip_addon_file() in update_reload_runner.gd already rejects
absolute paths and "." / ".." segments; mirror that guard in the
Python test helper.

Live-verified: a synthetic zip with an addons/godot_ai/../../escape.txt
member now raises ValueError with a clear message; clean zips still
extract normally. 903 pytest tests pass.

https://claude.ai/code/session_01VgXf3Lqv2ypt36g6EqpRYg

Author: claude

tests/integration/_self_update_fixture.py

@@ -279,6 +279,11 @@ def extract_addon_from_zip(zip_path: Path, target_addon: Path) -> None:
             if not info.filename.startswith("addons/godot_ai/") or info.is_dir():
                 continue
             rel = Path(info.filename).relative_to("addons/godot_ai")
+            if rel.is_absolute() or any(part in ("", ".", "..") for part in rel.parts):
+                raise ValueError(
+                    f"Refusing unsafe zip entry {info.filename!r}: relative path "
+                    f"{rel!s} contains absolute or traversal segments"
+                )
             out = target_addon / rel
             out.parent.mkdir(parents=True, exist_ok=True)
             out.write_bytes(zf.read(info.filename))