Backport initial tarfile sanitization
This patch replaces upstream fix for potential path traversal when extracting tar file [1] with initial patch provided by the reporters [2].
Upstream fix uses pathlib.Path.is_relative_to() which has been added in Python 3.9 [3] and is not available on dispatchers running Debian Buster.
[1] https://git.lavasoftware.org/lava/lava/-/merge_requests/1927 [2] https://github.com/Linaro/lava/pull/3 [3] https://github.com/python/cpython/pull/14982
Signed-off-by: Paweł Wieczorek pawiecz@collabora.com