Be stricter about IPFS parent directory path traversal.

[Stebalien]

Version information:

go-ipfs version: 0.4.11-dev-48476b292
Repo version: 5
System version: amd64/linux
Golang version: go1.8.3

Type:

Bug

Severity:

Low

Description:

Currently, we all walking up to a parent directory using .. for convenience. However, we allow this behavior in two cases where it doesn't really make sense:

1. After a terminal file. That is, /ipfs/QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv/readme/../readme works. Unfortunately, fixing this without simply removing parent directory traversal may be a bit difficult.
2. At the root. That is, /ipfs/QmT78zSuBmuS4z925WZfrqQ1qHaJ56DQaTfyMUF7F8ff5o/../QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv/readme. Actually, we allow any number of .. at the root: `/ipfs/QmT78zSuBmuS4z925WZfrqQ1qHaJ56DQaTfyMUF7F8ff5o/../../../adsf/../../../QmS4ustL54uo8FzR9455qaxZwuMiUhyvMcX9Ba8nUH4uVv/readme'.

I'm bringing this up because it can make security hard to reason about. That is, if someone naively parses /ipfs/QmGood/../QmBad/badCode and verifies that QmGood is trusted, they'll fetch badCode without realizing it. It was only dumb luck that prevented this from being an issue for the gateway @kyledrake is working on (a gateway with proper security origins).

[kevina]

Related: #3508 (comment)