
Validate FileArtifactService scope identifiers before building storage paths #5269

@petrmarinec


Summary

FileArtifactService validates artifact filenames against traversal, but it still builds the user/session scope directories from raw user_id and session_id values. Path separators and .. segments in those identifiers can move the scope root itself outside the configured artifact directory, so the filename guard only confines the file within a root that has already been mis-resolved.

Affected code

  • src/google/adk/artifacts/file_artifact_service.py

Problem

_resolve_scoped_artifact_path() correctly keeps the filename inside the provided scope root. However, FileArtifactService._base_root() and _session_artifacts_dir() join raw user_id and session_id values onto the root as path components without checking them.

As a result:

  • crafted user_id values can escape the configured artifact root
  • crafted session_id values can escape the intended per-user session scope

Expected behavior

user_id and session_id should remain single path components when used to construct artifact storage paths.

Proposed fix

Validate scope identifiers before path construction and reject values that are absolute paths, contain separators, or contain traversal segments.
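A minimal version of that check, written here as an illustration rather than taken from the ADK source or the prepared PR; the function names (validate_scope_id, session_dir_unsafe, session_dir_safe, is_within_root) and the sample root /srv/artifacts are hypothetical. The unsafe helper reproduces the raw-join pattern the issue describes so the escape is visible next to the hardened form:

```python
"""Scope-identifier validation for per-user / per-session artifact directories.

Example code written for this issue report. It is NOT the ADK's
FileArtifactService implementation; all names below are hypothetical.
"""
import posixpath
from pathlib import PureWindowsPath


class InvalidScopeIdError(ValueError):
    """Raised when a user_id or session_id is not a single safe path component."""


def validate_scope_id(value: str, field: str = "scope id") -> str:
    """Return value unchanged if it is a single, relative, non-traversing path component.

    Rejects empty strings, NUL bytes, the '.' and '..' segments, any '/' or '\\'
    separator (so absolute POSIX paths and UNC paths are caught too), and anything
    pathlib would treat as drive-qualified on Windows (e.g. 'C:').
    """
    if not isinstance(value, str) or not value:
        raise InvalidScopeIdError(f"{field} must be a non-empty string")
    if "\x00" in value:
        raise InvalidScopeIdError(f"{field} must not contain NUL")
    if value in (".", ".."):
        raise InvalidScopeIdError(f"{field} must not be a traversal segment")
    if "/" in value or "\\" in value:
        raise InvalidScopeIdError(f"{field} must not contain path separators")
    # 'C:' has no separator but is still not a plain component on Windows.
    # This also rejects 'a:b' (pathlib sees drive 'a:'), which is acceptable
    # for an identifier that should only ever be a directory name.
    if PureWindowsPath(value).drive:
        raise InvalidScopeIdError(f"{field} must not be drive-qualified")
    return value


def is_valid_scope_id(value: str) -> bool:
    """Boolean wrapper around validate_scope_id, convenient for tests."""
    try:
        validate_scope_id(value)
    except InvalidScopeIdError:
        return False
    return True


def is_within_root(root: str, path: str) -> bool:
    """Lexical containment check: does path stay at or under root after normalisation?

    Purely string based (no filesystem access), so symlinks are out of scope here;
    the point is to catch '..' and absolute components that slipped into the join.
    """
    root_n = posixpath.normpath(root)
    path_n = posixpath.normpath(path)
    return path_n == root_n or path_n.startswith(root_n.rstrip("/") + "/")


def session_dir_unsafe(root: str, user_id: str, session_id: str) -> str:
    """The pattern the issue describes: raw identifiers joined straight onto the root."""
    return posixpath.join(root, user_id, session_id)


def session_dir_safe(root: str, user_id: str, session_id: str) -> str:
    """Hardened form: validate each identifier, then re-check the joined result."""
    user_id = validate_scope_id(user_id, "user_id")
    session_id = validate_scope_id(session_id, "session_id")
    path = posixpath.join(root, user_id, session_id)
    # Defence in depth: even after validation, refuse anything that left the root.
    if not is_within_root(root, path):
        raise InvalidScopeIdError("scoped path escaped the artifact root")
    return path


if __name__ == "__main__":
    ROOT = "/srv/artifacts"  # constructed sample root for the demo
    # Constructed hostile identifiers: relative traversal, absolute path, per-user escape.
    for uid, sid in [("../../etc", "cron.d"), ("/etc", "passwd"), ("alice", "../bob")]:
        p = session_dir_unsafe(ROOT, uid, sid)
        print(f"unsafe {uid!r}/{sid!r} -> {posixpath.normpath(p)} "
              f"(inside root: {is_within_root(ROOT, p)})")
        try:
            session_dir_safe(ROOT, uid, sid)
        except InvalidScopeIdError as exc:
            print(f"safe   rejected: {exc}")
    print("safe  ", session_dir_safe(ROOT, "alice", "session-42"))
```

The separator check deliberately covers both "/" and "\\" regardless of host OS, since identifiers typically arrive over the network and the storage root may be mounted on either platform; is_within_root is a lexical backstop only and does not replace symlink-aware checks at the filesystem layer.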

Validation

I have a PR prepared that:

  • validates user_id and session_id as single path components
  • adds regression tests for invalid scope identifiers
  • reproduces the escape on current origin/main
  • passes pytest tests/unittests/artifacts in clean Linux Docker

Labels

services [Component]: This issue is related to runtime services, e.g. sessions, memory, artifacts, etc.
