
Improved path traversal protection

Sami Hiltunen requested to merge smh-fix-path-traversal into master

Currently, relative paths are validated against path traversals, although in an incomplete manner. While relative paths with traversals do not cause problems for Gitaly in itself, we need to be sure that every path accessed lies within the storage directories to ensure RPC callers can't access arbitrary paths. This commit replaces the path traversal checks by checking that the relative paths refer to paths within the root of the storage or the storage root itself.

Earlier attempt !2014 (merged) caused pipeline failures

Closes #2299 and #2419
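
The containment check described above, sketched as an added example; this is not Gitaly's code or the code in this merge request. `ContainedPath`, `ErrOutsideRoot` and the sample storage root are hypothetical names and values, and the check is lexical only, so symlinks under the root are not resolved.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrOutsideRoot (hypothetical name) is returned when relPath resolves
// to a location that is neither rootDir nor beneath it.
var ErrOutsideRoot = errors.New("relative path escapes storage root")

// ContainedPath (hypothetical helper) joins relPath onto rootDir and returns
// the cleaned result only if it is rootDir itself or lies within it.
// Instead of searching relPath for "..", it resolves the path first and then
// tests where the result ended up.
func ContainedPath(rootDir, relPath string) (string, error) {
	root := filepath.Clean(rootDir)
	full := filepath.Join(root, relPath) // Join cleans "." and ".." elements

	// Express full relative to root: a result of ".." or one starting with
	// "../" means the path left the root.
	rel, err := filepath.Rel(root, full)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrOutsideRoot
	}
	return full, nil
}

func main() {
	root := "/var/opt/storage" // constructed sample storage root
	samples := []string{       // constructed sample relative paths
		"group/repo.git", "", "a/../b.git",
		"../other", "a/../../etc/passwd", "..hidden/repo.git",
	}
	for _, p := range samples {
		full, err := ContainedPath(root, p)
		fmt.Printf("%-22q -> %q err=%v\n", p, full, err)
	}
}
```

A path such as `a/../b.git` contains a traversal but still resolves inside the root, so it is accepted, while `..hidden/repo.git` is accepted because only a whole `..` element counts as leaving the root.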
