fix(security): restrict default DllImport search to safe directories

Add assembly-wide [DefaultDllImportSearchPaths(AssemblyDirectory |
SafeDirectories)] so the runtime's initial native-library resolution
(before our DllImportResolver / FixDllNotFoundException fallback kicks
in) does not fall through to the current working directory or other
unsafe legacy search locations.

Resolves a DLL-hijack vector on Windows where libwebp.dll dropped into
CWD could be loaded before our trusted runtimes/<rid>/native/ copy.

Available since .NET Framework 4.0; honored across all target
frameworks (net472, net48, netstandard2.0, net8.0).

Author: lilith

src/Imazen.WebP/AssemblyInfo.cs

@@ -0,0 +1,15 @@
+using System.Runtime.InteropServices;
+
+// Restrict the default DLL search to the assembly directory and Windows safe
+// directories. This prevents the legacy fallback to the current working
+// directory (and other unsafe paths) when the runtime resolves libwebp via
+// DllImport before our DllImportResolver / FixDllNotFoundException logic runs.
+//
+// AssemblyDirectory: equivalent to LOAD_LIBRARY_SEARCH_DLL_LOAD_DIR for the
+// loading assembly.
+// SafeDirectories:   equivalent to LOAD_LIBRARY_SEARCH_SYSTEM32 plus the
+// user-added DLL directories.
+//
+// Available since .NET Framework 4.0; honored on .NET Core / .NET 5+ as well.
+[assembly: DefaultDllImportSearchPaths(
+    DllImportSearchPath.AssemblyDirectory | DllImportSearchPath.SafeDirectories)]