fix: _update_file_in_git() follows symbolic links in temporary clones
Bail out if file path is outside the temp repo or inside the '.git/' folder.
This avoids data leak and unauthorized changes in files or git config.
Vulnerability discovered by Thomas Chauchefoin <thomas@chauchefoin.fr>
Fixes: rhbz#2278745, rhbz#2280725, rhbz#2280723, CVE-2024-4981
Signed-off-by: Dominik Wombacher <dominik@wombacher.cc>