umbynos (Contributor) commented Sep 29, 2023

Please check if the PR fulfills these requirements

  • The PR has no duplicates (please search among the Pull Requests
    before creating one)
  • Tests for the changes have been added (for bug fixes / features)
  • What kind of change does this PR introduce?

Security Fix

  • What is the current behavior?

The v2 install endpoint is vulnerable to path traversal

  • What is the new behavior?

That is fixed (leveraging the SafeJoin function introduced in #821)

  • Does this PR introduce a breaking change?

No

  • Other information:

@umbynos umbynos added the labels type: enhancement (Proposed improvement), topic: code (Related to content of the project itself) and topic: security (Related to the protection of user data) Sep 29, 2023
@umbynos umbynos self-assigned this Sep 29, 2023
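
The following is an added illustration, not code from this PR or from the project's SafeJoin in #821: a Go helper that joins an untrusted name onto a base directory and rejects any result that lands outside it. The name safeJoin, the error value, the base directory and the sample inputs are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"strings"
)

// ErrTraversal (hypothetical name) signals that the joined path leaves the base directory.
var ErrTraversal = errors.New("path escapes base directory")

// safeJoin (hypothetical helper) joins an untrusted relative name onto base and
// returns an error if the cleaned result is not inside base.
// It is a lexical check only: symlinks inside base are not resolved.
func safeJoin(base, untrusted string) (string, error) {
	absBase, err := filepath.Abs(base)
	if err != nil {
		return "", err
	}
	// Join cleans the result, collapsing "." and ".." segments.
	joined := filepath.Join(absBase, untrusted)
	// Rel expresses joined relative to the base; a leading ".." means escape.
	rel, err := filepath.Rel(absBase, joined)
	if err != nil {
		return "", err
	}
	if rel == ".." || strings.HasPrefix(rel, ".."+string(filepath.Separator)) {
		return "", ErrTraversal
	}
	return joined, nil
}

func main() {
	base := "/opt/agent/tools" // constructed base directory
	// Constructed inputs: one ordinary name, two that try to climb out, one odd but harmless.
	for _, name := range []string{"avrdude/6.3.0", "../../etc/passwd", "avrdude/../../x", "..hidden"} {
		p, err := safeJoin(base, name)
		fmt.Printf("%-20q -> %q, err=%v\n", name, p, err)
	}
}
```

A plain prefix comparison on strings would wrongly accept a sibling such as `/opt/agent/tools-evil`; comparing through `filepath.Rel` avoids that.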
codecov-commenter commented Sep 29, 2023

Codecov Report

Attention: Patch coverage is 63.15789% with 7 lines in your changes missing coverage. Please review.

Project coverage is 18.37%. Comparing base (33080c3) to head (cdac540).
Report is 114 commits behind head on main.

Files with missing lines | Patch % | Lines
v2/pkgs/tools.go | 63.15% | 5 Missing and 2 partials ⚠️
Additional details and impacted files
@@            Coverage Diff             @@
##             main     #840      +/-   ##
==========================================
+ Coverage   18.20%   18.37%   +0.16%     
==========================================
  Files          53       53              
  Lines        4109     4120      +11     
==========================================
+ Hits          748      757       +9     
- Misses       3256     3257       +1     
- Partials      105      106       +1     
Flag Coverage Δ
unit 18.37% <63.15%> (+0.16%) ⬆️

@umbynos umbynos merged commit 11acfc0 into main Oct 2, 2023
@umbynos umbynos deleted the safe-join-install branch October 2, 2023 12:51