GHSA-763j-3p5v-jfc6 | Low | Disclosed before NVD
androidqf: APK download Path Traversal in device APK paths
📋 Description
### Summary
During device acquisition, `getPathToLocalCopy()` constructs local filesystem paths for downloaded APKs using a filename component extracted by `extractFileName()`. The extraction splits on `==/` and takes the remainder without sanitization. If a compromised device returns a crafted APK path containing traversal sequences, `filepath.Join` resolves them, allowing the file to be written outside the intended `apks/` directory.
Practical exploitability is limited because Android enforces strict package path formats under `/data/app/` and does not allow apps to register paths containing traversal sequences. Rated Informational as a defense-in-depth concern.
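The join behaviour described above, beside a containment check, as an added Go example; it is not androidqf's code and not the 1.8.3 fix. The function names, the output directory and the device paths are constructed for illustration, and the split on `==/` is assumed from the description.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strings"
)

// remainderAfterMarker mimics the extraction the advisory describes: split on
// "==/" and keep the rest unchanged. Hypothetical stand-in, not androidqf code.
func remainderAfterMarker(devicePath string) string {
	if parts := strings.SplitN(devicePath, "==/", 2); len(parts) == 2 {
		return parts[1]
	}
	return devicePath
}

// naiveLocalPath joins the device-supplied remainder directly. filepath.Join
// cleans ".." segments, so the result can land outside baseDir.
func naiveLocalPath(baseDir, devicePath string) string {
	return filepath.Join(baseDir, remainderAfterMarker(devicePath))
}

// containedLocalPath builds the same path, then rejects it unless the path
// relative to baseDir stays strictly below baseDir.
func containedLocalPath(baseDir, devicePath string) (string, error) {
	joined := naiveLocalPath(baseDir, devicePath)
	rel, err := filepath.Rel(baseDir, joined)
	escapes := rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator))
	if err != nil || rel == "." || escapes {
		return "", fmt.Errorf("device path %q resolves outside %s", devicePath, baseDir)
	}
	return joined, nil
}

func main() {
	base := filepath.FromSlash("/cases/acq1/apks") // constructed output directory
	samples := []string{ // constructed device-reported paths
		"/data/app/~~AAAA==/com.example.app-BBBB==/base.apk",
		"/data/app/~~AAAA==/../../x.apk",
	}
	for _, p := range samples {
		local, err := containedLocalPath(base, p)
		fmt.Printf("naive=%s checked=%q err=%v\n", naiveLocalPath(base, p), local, err)
	}
}
```

The check runs on the cleaned, joined path rather than on the raw string, so it does not depend on recognising every spelling of a traversal sequence.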
### Impact
An attacker with control of the connected device could potentially write files outside the expected output directory on the acquisition workstation, leading to arbitrary file overwrite with attacker-controlled content.
### Patched version
[1.8.3](https://github.com/mvt-project/androidqf/releases/tag/v1.8.3)
### Credits
- This issue was identified during a security assessment conducted by 0xche.
- An additional vulnerability was independently identified by @0x0v1.
🎯 Affected products (1)
- go/github.com/mvt-project/androidqf:<= 1.8.2