[RFE] Use SecureJoin in PATHs and sanitize input

[rata]

Current situation

We don't use https://github.com/cyphar/filepath-securejoin nor any alternative to minimize possible attacks when joining strings for a path. As some strings might be supplied by a user (so far is trusted, though), we might end up writing to an unexpected location if what we expect to be a suffix is something like "/../../etc/passwd".

Impact

We can inadvertently create files in other places of the filesystem rather than the expected ones. As we run as root, there are lot of places we can write to.

Ideal future situation

Use some helper to minimize chances of writing files to unexpected locations when joining strings for the name of the file we will create. Specially, for files that take user input.

**Implementation options

Use https://github.com/cyphar/filepath-securejoin and filepath.Base to sanitize input, as done in the example agent in this PR: opencontainers/runc#2682