Add filesystem policy path validation (same-path conflict, existence check, object-based conflict)

[SohamDas2021]

📖 Description

Validate filesystem paths across readwritePaths, readonlyPaths, and deniedPaths at config parse time:

1. Same-path conflict: most restrictive path wins- deny > r/o > r/w.
2. Paths must exist: warn if a listed path does not exist on the host (diagnostic aid; not a hard error since some backends create mount targets dynamically).
3. Object-based conflict: reject if two different path strings resolve to the same filesystem object (same device + inode on Unix, same canonical path on Windows) with conflicting intents.

All checks live in wxc_common and apply to every backend.

🔗 References

🔍 Validation

✅ Checklist

• Signed the Contributor License Agreement
• Linked to an issue
• Updated documentation (if applicable)
• Updated Copilot instructions (if build, architecture, or conventions changed)

📋 Issue Type

• Bug fix
• Feature
• Task

---

GitHub Actions runs the PR validation build automatically. The ADO pipeline
(MXC-PR-Build) is the official build pipeline that signs the binaries; it
runs on merge to main and nightly, and Microsoft reviewers can trigger it
on a PR with /azp run. See docs/pull-requests.md.

Microsoft Reviewers: Open in CodeFlow

[Copilot]

Pull request overview

Adds cross-list filesystem policy validation in wxc_common during config parsing to catch conflicting path intents early and provide better diagnostics for missing host paths.

Changes:

• Invoke new cross-list filesystem validation from validate_filesystem_paths.
• Implement same-path conflict detection, existence warnings, and object-based conflict checks (inode-based on Unix, canonicalization-based on Windows).
• Add unit tests for same-string conflicts across readwritePaths / readonlyPaths / deniedPaths.

[jsidewhite]

Can you add Daniel Dudugjian to this PR?