#15941: fix(sessions): allow session file paths from other agents' sessions dirs
Labels: stale, size: XS
Cluster: Session File Path Management
In multi-agent setups, each agent has its own sessions directory. When loading a session file for a non-main agent, the path validation incorrectly rejected absolute paths that belong to another agent's sessions directory. Add a fallback check that allows absolute paths residing in any valid agents/*/sessions/ directory.
<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>
Added fallback logic to allow absolute session file paths from other agents' session directories in multi-agent setups. Previously, the path validation would reject absolute paths pointing to a different agent's sessions directory, even though they were legitimate OpenClaw session files.
- Modified `resolvePathWithinSessionsDir` in `src/config/sessions/paths.ts:87-91` to add a fallback check for absolute paths
- Updated test in `src/config/sessions/paths.test.ts:99-109` to verify cross-agent session path acceptance
- Changed test case in `src/config/sessions/paths.test.ts:111-117` to use `/etc/passwd` for invalid path testing
**Critical issue found**: The path validation logic is too permissive and could allow access to files outside the OpenClaw state directory. The check only validates that the path contains "agents" and ends with "sessions", which would incorrectly allow malicious paths like `/etc/agents/evil/sessions/file.jsonl`.
<h3>Confidence Score: 1/5</h3>
- This PR introduces a security vulnerability that could allow path traversal outside the intended OpenClaw directories
- The path validation logic uses substring matching (`includes("agents")`) and suffix checking (`endsWith("sessions")`) which is insufficient to restrict access to legitimate OpenClaw session directories. This could allow access to arbitrary files on the system that happen to have "agents" in their path and end with "sessions". The implementation needs to validate paths against the actual state directory root using proper path prefix checking.
- src/config/sessions/paths.ts requires immediate attention - the path validation logic must be strengthened before merging
<sub>Last reviewed commit: b39b435</sub>
<!-- /greptile_comment -->
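To illustrate the prefix-based check the review asks for, an added TypeScript example (not code from the OpenClaw repository or from this PR): the substring/suffix heuristic as the review characterises it, beside a check anchored at an assumed state directory root. The `stateDir` argument, the function names and the sample paths are assumptions; POSIX path semantics are used throughout.

```typescript
import * as path from "node:path";

// Added example, not the project's code. POSIX path handling is assumed.
const p = path.posix;

// The heuristic as described in the review: the directory part must merely
// contain "agents" and end with "sessions". Any path shaped like
// /<anything>/agents/<x>/sessions/<file> passes, regardless of where it lives.
export function weakIsAgentSessionsPath(filePath: string): boolean {
  const dir = p.dirname(filePath);
  return dir.includes("agents") && dir.endsWith("sessions");
}

// Hypothetical hardened check: resolve the candidate against the state
// directory root, reject anything that escapes it, then require the shape
// agents/<agentId>/sessions/<file...> relative to that root.
export function isPathWithinAnyAgentSessionsDir(stateDir: string, filePath: string): boolean {
  const root = p.resolve(stateDir);
  // An absolute filePath is kept as-is; a relative one is anchored at root.
  // resolve() also collapses any "." and ".." segments.
  const resolved = p.resolve(root, filePath);
  const rel = p.relative(root, resolved);
  if (rel === "" || rel.startsWith("..") || p.isAbsolute(rel)) {
    return false; // outside the state directory (traversal or unrelated tree)
  }
  const parts = rel.split("/");
  return (
    parts.length >= 4 &&
    parts[0] === "agents" &&
    parts[1].length > 0 &&
    parts[2] === "sessions" &&
    parts[parts.length - 1].length > 0
  );
}
```

The first check accepts the `/etc/agents/evil/sessions/file.jsonl` case from the review; the second rejects it and any `..` escape because validity is decided by the resolved prefix, not by substrings.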