
#7616: Harden zip extraction against path traversal

by lawyered0 open 2026-02-03 01:25
## Summary
- prevent zip-slip path traversal by tightening destDir checks
- add a regression test for malicious zip entries

## Testing
- pnpm vitest run src/infra/archive.test.ts

## Greptile Overview

### Greptile Summary

This PR tightens zip extraction path validation to mitigate zip-slip path traversal by ensuring resolved output paths stay within the destination directory, and adds a regression test covering a malicious `../` zip entry. It also extends `formatRelativeTime` to support future timestamps ("in Xm", "Tomorrow", etc.) and adds unit tests for both past and future formatting. These changes fit into the existing `src/infra/archive.ts` extraction helper used by plugin/hook installation flows, and into the `src/utils/time-format.ts` helper used for human-readable time strings in the CLI/TUI.

### Confidence Score: 3/5

- Reasonably safe to merge, but the zip-slip guard may still be fragile if callers pass non-normalized destination paths.
- The changes are small and well-covered by a regression test, but the current prefix-based containment check relies on string comparisons against `destDir` as provided, which can be bypassed or misbehave when `destDir` is relative or otherwise not normalized. The future-time formatting change is low risk but has some edge-case rounding behavior to double-check against UX expectations.
- src/infra/archive.ts
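The containment concern in the review summary above, shown as an added example that is not code from this PR or from `src/infra/archive.ts`: a prefix check against `destDir` as passed, next to a check that resolves `destDir` first and tests the relative path. The function names `fragileResolve`, `safeResolve`, `allows` and `report`, and all sample paths, are hypothetical and constructed for illustration (POSIX paths assumed).

```javascript
const path = require("node:path");

// Hypothetical fragile guard (not the project's code): prefix test against
// destDir exactly as the caller passed it.
function fragileResolve(destDir, entryName) {
  const outPath = path.resolve(destDir, entryName);
  if (!outPath.startsWith(destDir + path.sep)) {
    throw new Error(`entry escapes destination: ${entryName}`);
  }
  return outPath;
}

// Hardened guard: make destDir absolute and normalized first, then decide
// containment from the relative path instead of a string prefix.
function safeResolve(destDir, entryName) {
  const root = path.resolve(destDir);
  const outPath = path.resolve(root, entryName);
  const rel = path.relative(root, outPath);
  const escapes =
    rel === "" ||                      // resolves to the root itself, not a file in it
    rel === ".." ||
    rel.startsWith(".." + path.sep) || // climbs out of root
    path.isAbsolute(rel);              // different drive on Windows
  if (escapes) throw new Error(`entry escapes destination: ${entryName}`);
  return outPath;
}

// True when the guard lets the entry through.
function allows(guard, destDir, entryName) {
  try {
    guard(destDir, entryName);
    return true;
  } catch {
    return false;
  }
}

// Constructed sample inputs: four ways a caller might write a destination.
const DEST_FORMS = ["/tmp/out", "/tmp/out/", "/tmp/x/../out", "out"];

function report(guard) {
  return DEST_FORMS.map((dest) => ({
    dest,
    legit: allows(guard, dest, "hooks/index.js"),
    traversal: allows(guard, dest, "../evil.txt"),
  }));
}

console.table(report(fragileResolve));
console.table(report(safeResolve));
```

Both guards are purely lexical: neither follows symlinks, so symlink entries inside an archive need their own handling.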
