Summary
Add path validation to the mktree helper in internal/checkpoint/store.go to reject or normalize malformed tree entry names before writing checkpoint tree objects. Currently, tree entry names are formatted into git mktree input without any validation (store.go:50-65). If an absolute path or a path with empty segments leaks into a tree entry name, git mktree silently creates a corrupted tree object with empty-filename entries, causing git fsck badTree errors and breaking git bundle create --all.
Solution
Validate each treeEntry.name in the mktree function:
- Reject empty names with an error
- Reject or strip leading / (absolute paths)
- Reject names containing empty path segments (e.g., foo//bar)
- Reject names containing . or .. segments
Why
Corrupted tree objects on the checkpoint branch can cascade into repository-wide git failures. Since checkpoints are written on every commit via hooks, a single bad path can silently corrupt the branch. This was discovered in entireio/cli#886 where Windows absolute paths produced empty-named tree entries, and fixed in entireio/cli#902.
Source
entireio-cli-issues,entireio-cli-pulls
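
One way to implement the checks listed under Solution, as an added example rather than the project's own code. The function names validateTreeEntryName and validateAll are hypothetical, the sample names are constructed, and the NUL/newline check goes beyond the issue's list.

```go
package main

import (
	"errors"
	"fmt"
	"strings"
)

// validateTreeEntryName is a hypothetical helper, not the project's code.
// It applies the checks listed in the issue to one tree entry name.
func validateTreeEntryName(name string) error {
	if name == "" {
		return errors.New("tree entry name is empty")
	}
	// Extra rule, not in the issue's list: mktree input is line-oriented,
	// so a NUL or newline in a name would break the record framing.
	if strings.ContainsAny(name, "\x00\n") {
		return fmt.Errorf("tree entry name %q contains NUL or newline", name)
	}
	if strings.HasPrefix(name, "/") {
		return fmt.Errorf("tree entry name %q is an absolute path", name)
	}
	for _, seg := range strings.Split(name, "/") {
		switch seg {
		case "": // "foo//bar" or a trailing "/"
			return fmt.Errorf("tree entry name %q has an empty path segment", name)
		case ".", "..":
			return fmt.Errorf("tree entry name %q has a %q segment", name, seg)
		}
	}
	return nil
}

// validateAll checks every name before any mktree input is written, so one
// bad entry fails the whole checkpoint write instead of corrupting the tree.
func validateAll(names []string) error {
	for i, n := range names {
		if err := validateTreeEntryName(n); err != nil {
			return fmt.Errorf("entry %d: %w", i, err)
		}
	}
	return nil
}

func main() {
	// Constructed sample names, not taken from the project.
	for _, n := range []string{"meta.json", "a/b.txt", "/abs", "foo//bar", "x/../y", ""} {
		fmt.Printf("%-12q -> %v\n", n, validateTreeEntryName(n))
	}
}
```

This variant rejects rather than strips a leading /, so a malformed path surfaces as an error at the call site instead of being silently rewritten.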