Potential fix for code scanning alert no. 703: Arbitrary file write during tarfile extraction

[beat-buesser]

Potential fix for https://github.com/Trusted-AI/adversarial-robustness-toolbox/security/code-scanning/703

To fix the problem, we need to ensure that the paths within the tar archive do not contain any directory traversal elements (..). This can be achieved by validating each entry in the tar archive before extracting it. Specifically, we should check that the entry name is not an absolute path and does not contain any .. elements.

1. Modify the _extract function to include validation for each entry in the tar archive.
2. Raise an error if any entry is found to be unsafe.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[codecov]

Codecov Report

Attention: Patch coverage is 33.33333% with 2 lines in your changes missing coverage. Please review.

Project coverage is 85.33%. Comparing base (8c1214e) to head (d07b536).

Files with missing lines	Patch %	Lines
art/utils.py	33.33%	1 Missing and 1 partial ⚠️

Additional details and impacted files

@@              Coverage Diff               @@
##           dev_1.19.2    #2586      +/-   ##
==============================================
- Coverage       85.40%   85.33%   -0.07%     
==============================================
  Files             334      334              
  Lines           31002    31005       +3     
  Branches         5300     5302       +2     
==============================================
- Hits            26476    26457      -19     
- Misses           3056     3077      +21     
- Partials         1470     1471       +1     

Files with missing lines	Coverage Δ
art/utils.py	79.38% <33.33%> (-0.20%)	⬇️

... and 2 files with indirect coverage changes