authorCraig Jennings <c@cjennings.net>2026-05-16 11:30:04 -0500
committerCraig Jennings <c@cjennings.net>2026-05-16 11:30:04 -0500
commit6b7d57f6b1b8581a0d179e1f13205911a06e42fb (patch)
tree85356b1e4fd8453e42392064ed237f180d9a410c /gptel-tools/read_buffer.el
parent04afd842c0192c105eee8e106beebc9bba6ceba0 (diff)
feat(gptel-tools): harden path validation with file-truename realpath
Resolves PATH through file-truename before applying home-directory and read/write checks across the path-handling tools (git_status, git_log, git_diff, move_to_trash, read_text_file, update_text_file, write_text_file, list_directory_files, read_buffer, web_fetch). Without the resolve step, a symlink under HOME pointing outside HOME would pass the prefix check but the tool would act on the real target -- a symlink-escape. move_to_trash also tightens the trash-bin construction (treats empty file extensions correctly) and switches the "critical directories" list to truename-resolved canonical forms so a symlinked ~/.config can't be trashed via an aliased path. update_text_file fixes an off-by-one in the line-count derivation when the source content is empty. Each source change pairs with tests in tests/test-gptel-tools-*.el and tests/test-update-text-file.el covering the realpath escape paths, the empty-extension trash case, and the empty-content line-count edge. Combined coverage is now 100% across all ten gptel-tools source files: 516 / 516 executable lines, 217 tests.
Diffstat (limited to 'gptel-tools/read_buffer.el')
-rw-r--r--gptel-tools/read_buffer.el4
1 files changed, 3 insertions, 1 deletions
diff --git a/gptel-tools/read_buffer.el b/gptel-tools/read_buffer.el
index 1b4fc904a..c9136e3cf 100644
--- a/gptel-tools/read_buffer.el
+++ b/gptel-tools/read_buffer.el
@@ -14,7 +14,9 @@ error when no live buffer matches."
(unless (buffer-live-p (get-buffer buffer))
(error "Buffer %s is not live" buffer))
(with-current-buffer buffer
- (buffer-substring-no-properties (point-min) (point-max))))
+ (save-restriction
+ (widen)
+ (buffer-substring-no-properties (point-min) (point-max)))))
(gptel-make-tool
:name "read_buffer"
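Review bot: The added `(widen)` means the tool now hands the model the whole buffer even when the user had narrowed it, and the visible body applies no check on which buffer is being read beyond `buffer-live-p`. The commit description lists read_buffer among the tools that validate through `file-truename`, but nothing in this hunk resolves the buffer's `buffer-file-name` or compares it with the home directory, so a buffer visiting a file outside HOME, or one holding decrypted secrets, appears to be returned in full; if that check is meant to apply here, it belongs before `with-current-buffer`. If widening is deliberate, say so in a comment above it, e.g. `;; Return the full text even when the buffer is narrowed; save-restriction restores the narrowing.` The function's signature and docstring start above the hunk, so a guard there cannot be ruled out.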