fix(tools): resolve Windows build errors and harden filesystem security

[badgerbees]

Problem

GoClaw currently fails to build on native Windows because it uses Unix-specific syscall.Access and syscall.Stat_t APIs in internal/tools/filesystem.go. A previous attempt at fixing this (PR #132) correctly identified the "build tag" approach but introduced several security and efficiency regressions on Windows, such as bypassing the hardlink check and creating unnecessary temporary files on disk.

What This PR Fixes

This PR provides a clean, platform-separated implementation that resolves the build errors while addressing all critical feedback from the previous maintainer review:

1. Robust Hardlink Detection (Fixed Critical [fix bug]:windows,syscall.Access、syscall.Stat_t build error #132 finding):
   Unlike the previous no-op implementation, this PR uses syscall.GetFileInformationByHandle to fetch NumberOfLinks on Windows. This ensures that hardlink-based escapes (e.g., trying to read an absolute file via a hardlink inside the workspace) are correctly blocked on Windows, matching the security parity of Linux.
2. Side-Effect-Free Writability Check (Fixed High [fix bug]:windows,syscall.Access、syscall.Stat_t build error #132 finding):

• Removed the logic that created real .wrchk temp files on disk.
• Implemented a native handle check: we now attempt to open the directory with GENERIC_WRITE. This is a memory-only check that avoids the risk of "artifact leakage" if a file cleanup fails or disk I/O issues occur.

3. Reliable Path Semantics (Fixed High [fix bug]:windows,syscall.Access、syscall.Stat_t build error #132 finding):
   Replaced the brittle strings.Split logic with a filepath.Dir traversal loop. This correctly handles volume roots (C:) and network UNC paths (\server\share), ensuring the security scanner always has a valid absolute path for each component.

To be honest I was just annoyed that I couldn't build and saw that someone had tried to fix this issue before but went missing so I decided to continue their work