commit: Gracefully handle paths escaping repo in LastCommitForPath

In 91e842a3 (git/log: Read last commit ID into buffer, 2023-08-28), we refactored LastCommitForPath to perform better error checking. Part of this change was to also verify that the git-log(1) command doesn't return an error where we previously just returned successfully in case its stdout was empty.

This change had the unexpected side effect that we now indeed detect errors in the way the RPC is getting called. Previously, when called with a path that escapes outside the repository root, we would have silently returned a successful response. But in general, it is quite likely that the actual intent was to treat the path as relative to the repostiory's root directory.

So even though we now start to fail in new ways, we can consider this to be a good thing because it causes us to detect misuses of our API that never worked. The way we treat this error isn't great though, as all we return to the caller is the information that the git-log(1) command has exited with an error.

Handle these erorrs more gracefully by detecting whether the provided paths would escape the repository root. If so, we now return an error with codes.InvalidArgument and a proper error message.

Closes Return INVALID_ARGUMENT status for incorrectly ... (#5575 - closed).