Inbound will validate if the given candidate path is inside the
baseDir. This is useful to make sure that malicious candidates
are not targeting a file outside of baseDir boundaries.
Considerations:
- baseDir must be absolute path. Will return false otherwise
- candidate can be absolute or relative path
- candidate should not be symlink as only syntatic validation is
applied by this function