Description
Currently the policy client disallows all absolute paths. Instead, we should handle workspace-relative absolute paths intelligently.

Current behavior blocks absolute paths entirely.

Proposed behavior:
1. Request metadata includes workspace path prefix.
2. When validating file paths, if path starts with workspace prefix, trim it off and validate the relative portion as normal, allowing workspace-absolute paths while maintaining security.

Example: Workspace /Users/dev/project, absolute path /Users/dev/project/src/file.py gets trimmed to src/file.py and passes validation.

Benefits include more intelligent path handling, allowing legitimate absolute paths within workspace, and maintaining security for paths outside workspace.
Acceptance Criteria:
- Workspace path included in request metadata
- Path validation trims workspace prefix
- Tests for workspace-relative absolute paths
- Tests for absolute paths outside workspace (still blocked)
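
A sketch of the proposed trim-then-validate check, added here as an illustration and not taken from the policy client's code. The names `validate_path`, `validate_relative`, `check` and `PathRejected` are hypothetical, `validate_relative` stands in for the existing relative-path validation, and the comparison is purely lexical on POSIX-style paths (symlinks are not resolved).

```python
import posixpath


class PathRejected(ValueError):
    """Raised when a path fails policy validation."""


def validate_relative(rel):
    # Hypothetical stand-in for the client's existing relative-path checks.
    if not rel or "\x00" in rel or rel.startswith("/"):
        raise PathRejected(f"not a usable relative path: {rel!r}")
    if ".." in rel.split("/"):
        raise PathRejected(f"parent traversal in {rel!r}")
    return posixpath.normpath(rel)


def validate_path(path, workspace):
    """Return the workspace-relative path, or raise PathRejected."""
    if not posixpath.isabs(path):
        return validate_relative(path)
    ws = posixpath.normpath(workspace)  # also drops a trailing slash
    if not posixpath.isabs(ws) or ws == "/":
        raise PathRejected("workspace prefix must be an absolute, non-root path")
    # Match on a component boundary: a bare startswith(ws) would also
    # accept a sibling directory such as /Users/dev/project-evil.
    if not path.startswith(ws + "/"):
        raise PathRejected(f"absolute path outside workspace: {path!r}")
    # Trim the prefix, then apply the same checks as for any relative path,
    # so /Users/dev/project/../x is rejected for its ".." component.
    return validate_relative(path[len(ws) + 1:])


def check(path, workspace):
    """Convenience wrapper: the relative path, or None when rejected."""
    try:
        return validate_path(path, workspace)
    except PathRejected:
        return None
```

The sibling-directory and `..` cases are the ones a naive string-prefix trim lets through, so they belong in the "still blocked" tests alongside paths that are plainly outside the workspace.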