fix: prevent path traversal in LaTeX macro handlers

[ceberam]

Summary

This PR adds path containment checks to prevent path traversals in the LaTeX backend and includes minor code style improvements.

Path checks

• Added path containment checks for \includegraphics and \input/\include macro handlers
• Prevents directory traversal attacks by validating that resolved paths stay within the base directory using is_relative_to()
• Logs warnings when path traversal attempts are detected

Code Style Improvements

• Removed unnecessary imports in LaTeX backend
• Replaced deprecated typing.List with modern list syntax

Checklist:

• Documentation has been updated, if necessary.
• Examples have been added, if necessary.
• Tests have been added, if necessary.

[github-actions]

✅ DCO Check Passed

Thanks @ceberam, all your commits are properly signed off. 🎉

[mergify]

Merge Protections

Your pull request matches the following merge protections and will not be merged until they are valid.

🟢 Enforce conventional commit

Wonderful, this rule succeeded.

Make sure that we follow https://www.conventionalcommits.org/en/v1.0.0/

• title ~= ^(fix|feat|docs|style|refactor|perf|test|build|ci|chore|revert)(?:\(.+\))?(!)?:

[codecov]

Codecov Report

❌ Patch coverage is 41.17647% with 10 lines in your changes missing coverage. Please review.

Files with missing lines	Patch %	Lines
docling/backend/latex/handlers/macros.py	41.17%	10 Missing ⚠️

📢 Thoughts on this report? Let us know!