CVE-2025-55201: Copier's safe template has arbitrary filesystem read/write access

Copier’s current security model shall restrict filesystem access through Jinja:

• Files can only be read using {% include ... %}, which is limited by Jinja to reading files from the subtree of the local template clone in our case.
• Files are written in the destination directory according to their counterparts in the template.

Copier suggests that it’s safe to generate a project from a safe template, i.e. one that doesn’t use unsafe features like custom Jinja extensions which would require passing the --UNSAFE,--trust flag. As it turns out, a safe template can currently read and write arbitrary files because we expose a few pathlib.Path objects in the Jinja context which have unconstrained I/O methods. This effectively renders our security model w.r.t. filesystem access useless.