Potential fix for code scanning alert no. 65: Uncontrolled data used in path expression

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: Shellishack

remote-workspace/src/servers/api-server/platform-api/handler.ts

@@ -19,8 +19,12 @@ function safeWorkspaceResolve(uri: string): string {
   // Resolve symlinks to their actual paths
   const realPath = fs.existsSync(absPath) ? fs.realpathSync(absPath) : absPath;
 
-  // Ensure it’s inside the workspace root
-  if (!realPath.startsWith(workspaceRoot + path.sep)) {
+  // Ensure it's inside the workspace root (strict, cross-platform)
+  const rel = path.relative(workspaceRoot, realPath);
+  if (
+    rel.startsWith('..') ||
+    path.isAbsolute(rel)
+  ) {
     throw new Error("Cannot access path outside of workspace path.");
   }