Description
The function downloadProgramArtifacts in deployment/utils/solutils/artifacts.go extracts files from archives without validating that the destination paths stay within the target directory. This makes the system vulnerable to Zip Slip (path traversal via archive extraction), where a malicious archive can overwrite arbitrary files on the system if its entries have names like ../../etc/passwd.
Impact
An attacker providing a malicious artifact URL could potentially achieve Remote Code Execution (RCE) or system compromise by overwriting critical system files or binaries.
Proposed Fix
Implement a prefix check using filepath.Clean to ensure all extracted file paths are children of the intended target directory.
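One way to write the proposed check, as an added example rather than the project's own code: safeJoin is a hypothetical helper name, and the target directory and entry names are constructed samples. The separator appended to the base keeps a sibling directory such as /tmp/out-evil from passing a bare prefix match.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
	"strings"
)

// safeJoin (hypothetical helper) resolves an archive entry name under
// targetDir and rejects any entry whose cleaned path lands outside it.
// The check is lexical only: symlink entries inside the archive need
// separate handling before anything is written through them.
func safeJoin(targetDir, entryName string) (string, error) {
	base := filepath.Clean(targetDir)
	// filepath.Join cleans the result, collapsing any ".." segments.
	dest := filepath.Join(base, entryName)
	// Compare against base plus a trailing separator so that
	// "/tmp/out-evil" is not accepted as a child of "/tmp/out".
	if dest != base && !strings.HasPrefix(dest, base+string(os.PathSeparator)) {
		return "", fmt.Errorf("illegal entry path %q: escapes %q", entryName, base)
	}
	return dest, nil
}

func main() {
	// Constructed entry names standing in for archive headers.
	entries := []string{
		"bin/tool",         // normal entry
		"a/../b",           // stays inside after cleaning
		"../../etc/passwd", // classic traversal
		"a/../../x",        // traversal hidden behind a valid segment
		"../out-evil/x",    // sibling directory sharing the prefix
	}
	for _, name := range entries {
		dest, err := safeJoin("/tmp/out", name)
		if err != nil {
			fmt.Println("rejected:", err)
			continue
		}
		fmt.Println("extract to:", dest)
	}
}
```

The extraction loop would call the helper for every entry before creating any file or directory and abort on the first error.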