fix: add circular symlink detection and depth limit protection (#423)
* Fix unbounded recursive symlink resolution (DoS vulnerability)

Add cycle detection via visited-path tracking and a max depth limit of 40 (matching Linux SYMLOOP_MAX) to getNode() and getFile(). A malicious archive with circular symlinks (A → B → A) previously caused infinite recursion / stack overflow.

https://claude.ai/code/session_01EakT1tL7rQvYhUiYjmKWm6

* Add tests for symlink recursion protection in Filesystem

Tests cover:
- Direct circular symlinks (A → B → A)
- Circular chains (A → B → C → A)
- Self-referencing symlinks
- Circular directory symlinks via getNode
- Max depth limit enforcement (chain of 50 exceeds limit of 40)
- Valid symlink chains within the depth limit still resolve
- followLinks=false bypasses symlink resolution

https://claude.ai/code/session_01EakT1tL7rQvYhUiYjmKWm6

---------

Co-authored-by: Claude <noreply@anthropic.com>
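An added example, written for this page and not the project's own code, of the two guards the commit describes: symlink resolution over an in-memory archive tree with a visited set for cycle detection and a depth limit of 40. The tree layout, node shapes, and the function names `getNode`/`tryGetNode` are assumptions. The visited key combines the link's own path with the path components still to be resolved, so a directory symlink that points back at an ancestor (a legitimate layout on a real filesystem) still resolves while a true cycle, where the same link is re-entered with the same remainder, is rejected; the depth limit bounds the recursion regardless.

```javascript
// Added example (not the project's code): symlink resolution with cycle
// detection and a depth limit. SYMLOOP_MAX matches the Linux limit of 40
// that the commit message cites.
const SYMLOOP_MAX = 40;

// Constructed sample tree. Node shapes (an assumption for this example):
//   { files: {...} } directory, { size } file, { link: 'archive/relative' } symlink.
function chain(prefix, n) {
  // prefix0 -> prefix1 -> ... -> prefix(n-1) -> real : n symlink hops
  const out = {};
  for (let i = 0; i < n; i++) {
    out[`${prefix}${i}`] = { link: i === n - 1 ? 'real' : `${prefix}${i + 1}` };
  }
  return out;
}

function makeTree() {
  return {
    files: {
      real: { size: 3 },
      ok1: { link: 'ok2' },              // ok1 -> ok2 -> real (valid chain)
      ok2: { link: 'real' },
      a: { link: 'b' },                  // a -> b -> a (direct cycle)
      b: { link: 'a' },
      x: { link: 'y' },                  // x -> y -> z -> x (three-hop cycle)
      y: { link: 'z' },
      z: { link: 'x' },
      self: { link: 'self' },            // self-referencing
      dir: { files: { inner: { size: 1 } } },
      dirlink: { link: 'dir' },          // directory symlink used mid-path
      loopdir: { files: { back: { link: 'loopdir' } } }, // points at its parent
      ...chain('c', 50),                 // 50 hops: exceeds the limit of 40
      ...chain('d', 40),                 // 40 hops: exactly at the limit
    },
  };
}

// Resolve `parts` from the archive root. Intermediate symlinks are always
// followed; the final component is followed only when followLinks is true.
function resolve(tree, parts, followLinks, visited, depth) {
  let node = tree;
  let resolvedPath = '';
  for (let i = 0; i < parts.length; i++) {
    const name = parts[i];
    if (!node.files || !(name in node.files)) throw new Error(`ENOENT: ${name}`);
    node = node.files[name];
    resolvedPath = resolvedPath ? `${resolvedPath}/${name}` : name;
    const isLast = i === parts.length - 1;
    if (node.link !== undefined && (followLinks || !isLast)) {
      if (depth >= SYMLOOP_MAX) throw new Error('ELOOP: too many levels of symbolic links');
      const rest = parts.slice(i + 1);
      const key = `${resolvedPath}|${rest.join('/')}`;
      if (visited.has(key)) throw new Error(`ELOOP: circular symlink at ${resolvedPath}`);
      visited.add(key);
      const target = node.link.split('/').filter(Boolean).concat(rest);
      return resolve(tree, target, followLinks, visited, depth + 1);
    }
  }
  return node;
}

function getNode(tree, path, followLinks = true) {
  return resolve(tree, path.split('/').filter(Boolean), followLinks, new Set(), 0);
}

// Convenience wrapper that reports the outcome instead of throwing.
function tryGetNode(tree, path, followLinks = true) {
  try {
    return { ok: true, node: getNode(tree, path, followLinks) };
  } catch (err) {
    return { ok: false, error: err.message };
  }
}
```

Running `tryGetNode(makeTree(), 'c0')` reports an ELOOP error from the depth guard, while `'d0'` (40 hops) and `'loopdir/back/back/back'` resolve; `getNode(tree, 'a', false)` returns the link node itself without following it.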
Samuel Attard committed
fd0fcd84a6c4366da3a705eef98f50007a725340
Parent: e222aea
Committed by GitHub <noreply@github.com>
on 4/3/2026, 7:18:27 AM