Fix path traversal validation and mutation sanitization

- Fix isValidProjectRoot() in 4 API routes to properly prevent path traversal
  by using path.relative() to ensure paths stay within allowed base directory
  (replaces ineffective normalized.includes('..') check)

- Fix readiness-report.mjs to remove misleading path traversal validation
  that was ineffective after path.resolve() removes '..' segments

- Fix asNonEmptyString() in mutations.ts to only remove control characters
  while preserving backslashes (for Windows paths) and punctuation (for user text)

These changes address security review comments about ineffective path traversal
checks and mutation input corruption.

skills/beadboard-driver/scripts/readiness-report.mjs

@@ -44,16 +44,9 @@ async function withArtifactExistence(artifacts) {
     };
     if (typeof artifact.path === 'string' && artifact.path.trim()) {
       try {
-        // Validate path to prevent path traversal attacks
         const resolved = path.resolve(artifact.path);
-        const normalized = path.normalize(resolved);
-        // Check that the path doesn't contain traversal patterns
-        if (normalized.includes('..') || path.sep !== '/' && normalized.includes('..\\')) {
-          item.exists = false;
-        } else {
-          await fs.access(resolved);
-          item.exists = true;
-        }
+        await fs.access(resolved);
+        item.exists = true;
       } catch {
         item.exists = false;
       }