FIX: add validation for containerID

[kaizakin]

Description

• added containerID validation following the similar approach as runc

Almost every command in urunc delete, kill, ps, start, run, and the internal re-exec phase calls the shared getUnikontainer() helper function to read the container ID from the command line and load its state.
by adding validateID inside this helper we've automatically secured all commands.

only the create command doesn't use the getUnikontainer() because the container state hasn't been initialized yet
so i explicitly added validateId there.

• Fixes we should probably validate containerID before constructing the containerDir path #714

How was this tested?

Manually tested by locally compiling urunc and simulating the path traversal attack vector

LLM usage

N/A

Checklist

• I have read the contribution guide.
• The linter passes locally (make lint).
• The e2e tests of at least one tool pass locally (make test_ctr, make test_nerdctl, make test_docker, make test_crictl).
• If LLMs were used: I have read the llm policy.

[netlify]

✅ Deploy Preview for urunc canceled.

Name	Link
🔨 Latest commit	23636fd
🔍 Latest deploy log	https://app.netlify.com/projects/urunc/deploys/6a14ab7cf9f2e50008145b30

[kaizakin]

Hey @cmainas

what's your opinion on this comment #714 (comment)
saying about securejoin.SecureJoin(root, id) instead of filepath.Join