wazero
Implement proper path resolution
This is an umbrella issue intended to track the effort to implement the path resolution algorithm described by WASI filesystem.
As described prominently in our documentation, our current WASI filesystem implementation does not properly sandbox file system operations: https://github.com/tetratelabs/wazero/blob/111c51a1bd5acfd1e91afe489d28e52136a3e6d5/fsconfig.go#L64-L88
For emphasis:
The guest will have full access to this directory including escaping it via relative path lookups like
"../../". Full access includes operations such as creating or deleting files, limited to any host level access controls.
The reason for this is that it is hard to provide an implementation that is simultaneously:
1. portable to Windows and other non-POSIX platforms
2. offers the POSIX semantics WASI specifies
3. sandboxes file system access
We have prioritized 1 and 2 over 3.
There's an ongoing effort to improve the situation, in #2254 and #2264 (thanks @yagehu).
This is challenging for various reasons. One is the wazero zero-dependency policy, which prevents us from using even sys/unix. Another is that this will introduce a performance regression, which can only be partially offset on certain platforms by specialization.
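To make the "../../" escape described above concrete, here is an added example (not wazero's code, and not the WASI resolution algorithm) of a hypothetical lexical confinement check: it walks a guest path component by component, refuses any ".." that would climb above the preopened root, and maps guest-absolute paths under the root. It uses slash-separated paths as WASI does and deliberately does not follow host symlinks, which is one of the things a full resolution algorithm must also handle.

```go
package main

import (
	"errors"
	"fmt"
	"path"
	"strings"
)

// ErrEscape is returned when a guest path would resolve outside the sandbox root.
var ErrEscape = errors.New("path escapes sandbox root")

// ResolveGuestPath lexically confines a WASI-style guest path to root.
// Hypothetical helper for illustration only: it performs no host I/O,
// so a symlink inside root pointing outside it is not detected here.
func ResolveGuestPath(root, guestPath string) (string, error) {
	// WASI paths are relative to the preopened directory; a leading "/"
	// from the guest still resolves under root rather than on the host.
	rel := strings.TrimPrefix(guestPath, "/")
	depth := 0
	for _, c := range strings.Split(rel, "/") {
		switch c {
		case "", ".":
			continue // empty segment or current dir: no change in depth
		case "..":
			depth--
			if depth < 0 {
				return "", ErrEscape // would climb above the preopened root
			}
		default:
			depth++
		}
	}
	// Clean with a leading "/" so path.Join cannot be tricked by ".." again.
	return path.Join(root, path.Clean("/"+rel)), nil
}

func main() {
	for _, p := range []string{"foo/bar/../baz", "/etc/passwd", "../../etc/passwd"} {
		resolved, err := ResolveGuestPath("/sandbox", p)
		fmt.Printf("%-18q -> %q %v\n", p, resolved, err)
	}
}
```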