GHSA-vw86-c94w-v3x4: SiYuan: Publish Reader Path Traversal Delete via `removeUnusedAttributeView`
SiYuan’s publish/read-only boundary can be broken through /api/av/removeUnusedAttributeView.
A publish-service Reader context can call this endpoint because it is protected only by `CheckAuth`, and publish requests are forwarded upstream with a valid `RoleReader` JWT. The handler accepts attacker-controlled `id` input and passes it directly into a filesystem delete sink, with:
- no admin check
- no readonly check
- no node-ID validation
- no subpath enforcement
- no verification that the target AV is actually unused
Because the sink builds the file path with:

```go
filepath.Join(util.DataDir, "storage", "av", id+".json")
```

an attacker can supply `../` path traversal sequences and delete arbitrary `.json` files reachable from the workspace, rather than only `data/storage/av/<id>.json`.
This is a real write/destructive authorization bug, not a visible=false listing issue.
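As an added illustration (not code from SiYuan or from this advisory), the Go snippet below places the advisory's path construction beside a hardened version that supplies two of the missing controls: node-ID validation and subpath enforcement. `dataDir` stands in for `util.DataDir`, the node-ID pattern is an assumption about SiYuan's ID format rather than something taken from the project, and the admin, read-only and "actually unused" checks the advisory also lists are outside what this example shows.

```go
package main

import (
	"errors"
	"fmt"
	"path/filepath"
	"regexp"
	"strings"
)

// dataDir stands in for util.DataDir in the advisory (assumed workspace path).
const dataDir = "/workspace/data"

// vulnerableAVPath reproduces the sink described in the advisory: the
// caller-supplied id is joined into the path unvalidated, so "../" segments
// walk out of storage/av before filepath.Join cleans the result.
func vulnerableAVPath(id string) string {
	return filepath.Join(dataDir, "storage", "av", id+".json")
}

// nodeIDRe is an assumed allowlist for SiYuan-style node IDs
// (14-digit timestamp, dash, 7 lowercase alphanumerics, e.g. 20231015123456-abcdefg).
var nodeIDRe = regexp.MustCompile(`^[0-9]{14}-[0-9a-z]{7}$`)

var (
	ErrInvalidID  = errors.New("invalid attribute view id")
	ErrOutsideDir = errors.New("resolved path escapes the av directory")
)

// withinDir reports whether target (already cleaned by filepath.Join) is
// base itself or a descendant of base. Rel yields ".." or "../..." for
// anything that has escaped.
func withinDir(base, target string) bool {
	rel, err := filepath.Rel(base, target)
	if err != nil {
		return false
	}
	return rel != ".." && !strings.HasPrefix(rel, ".."+string(filepath.Separator))
}

// safeAVPath is the hardened form: reject anything that is not a well-formed
// node ID, then independently confirm the resolved path is still inside the
// av directory, so a slip in the regex cannot by itself reopen the traversal.
func safeAVPath(id string) (string, error) {
	if !nodeIDRe.MatchString(id) {
		return "", ErrInvalidID
	}
	avDir := filepath.Join(dataDir, "storage", "av")
	target := filepath.Join(avDir, id+".json")
	if !withinDir(avDir, target) {
		return "", ErrOutsideDir
	}
	return target, nil
}

func main() {
	// Constructed traversal input; only paths are computed, nothing is deleted.
	evil := "../../other/file"
	fmt.Println("vulnerable resolves to:", vulnerableAVPath(evil))
	if _, err := safeAVPath(evil); err != nil {
		fmt.Println("hardened rejects:", err)
	}
	p, _ := safeAVPath("20231015123456-abcdefg")
	fmt.Println("hardened accepts:", p)
}
```

The containment check is kept separate from the allowlist on purpose: when auditing a delete sink like this one, either control alone is a single point of failure, and logging rejections from `withinDir` gives a cheap detection signal for traversal attempts against the endpoint.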