
Write a function to test get_package_mapping logic for security purposes

Open rpkyle opened this issue 6 years ago • 0 comments

dashR currently uses a function to retrieve local paths to dependencies called get_package_mapping, which is critical for properly formatting response$body:

https://github.com/plotly/dashR/blob/7fa2581d41e8a33c8966490f51ef0ccf371edfd8/R/utils.R#L394-L425

There are potential security issues associated with malicious users specifying arbitrary paths; we should be careful that URLs cannot be constructed such that the dep_pkg constructed from the URL is a non-Dash-related package.

We should write a function to test that get_package_mapping validates its input and attempts to block arbitrary code execution.

@chriddyp @alexcjohnson

rpkyle avatar Mar 07 '19 22:03 rpkyle
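The kind of test the issue asks for, as an added example that is not dashR's own code and not part of the issue thread. It assumes a hypothetical resolver `resolve_dep_pkg()` standing in for the URL-parsing part of `get_package_mapping`, an assumed route shape `/_dash-component-suites/<pkg>/<script>`, an assumed allowlist `dash_packages` of permitted package names, and an assumed `deps/` layout inside each installed package; none of these names come from the repository.

```r
# Added example (hypothetical), not dashR code: a strict resolver for a
# dependency URL plus testthat cases that assert hostile inputs are refused.
library(testthat)

# Assumed allowlist: only these packages may ever be resolved from a URL,
# so a crafted path can never name a non-Dash package such as "base".
dash_packages <- c("dash", "dashHtmlComponents", "dashCoreComponents")

# Hypothetical stand-in for the URL-to-package step of get_package_mapping.
# Takes a request path, returns list(pkg, script, path), or stop()s.
resolve_dep_pkg <- function(url_path) {
  # Decode exactly once, then validate the decoded form; a leftover "%"
  # (double encoding) fails the character checks below.
  url_path <- utils::URLdecode(url_path)
  parts <- strsplit(url_path, "/", fixed = TRUE)[[1]]
  parts <- parts[nzchar(parts)]                 # drop "" from leading "/" or "//"
  if (length(parts) != 3 || parts[1] != "_dash-component-suites")
    stop("unexpected route: ", url_path)        # any ".." segment changes the count
  pkg <- parts[2]
  script <- parts[3]
  # Package name: plain R package syntax only, then membership in the allowlist.
  if (!grepl("^[A-Za-z][A-Za-z0-9.]*$", pkg))
    stop("invalid package name: ", pkg)
  if (!pkg %in% dash_packages)
    stop("package is not a Dash dependency: ", pkg)
  # Script: bare filename; no separators, no empty or "." / ".." components,
  # no shell metacharacters.
  if (!grepl("^[A-Za-z0-9_-]+(\\.[A-Za-z0-9_-]+)*$", script))
    stop("invalid script name: ", script)
  # system.file() only ever looks inside the installed package's own tree
  # (assumed "deps/" layout); returns "" when the file does not exist.
  list(pkg = pkg, script = script,
       path = system.file("deps", script, package = pkg))
}

test_that("resolver rejects traversal, non-Dash packages and code-like names", {
  expect_error(resolve_dep_pkg("/_dash-component-suites/../../etc/passwd"))
  expect_error(resolve_dep_pkg("/_dash-component-suites/dash/../../../etc/passwd"))
  expect_error(resolve_dep_pkg("/_dash-component-suites/dash/..%2F..%2Fetc%2Fpasswd"))
  expect_error(resolve_dep_pkg("/_dash-component-suites/base/Rprofile"))
  expect_error(resolve_dep_pkg("/_dash-component-suites/dash/x.R;system('id')"))
  expect_error(resolve_dep_pkg("/_dash-component-suites/dash/%252e%252e/secret"))
})

test_that("resolver accepts a well-formed dependency URL", {
  res <- resolve_dep_pkg("/_dash-component-suites/dash/dash-renderer.min.js")
  expect_equal(res$pkg, "dash")
  expect_equal(res$script, "dash-renderer.min.js")
})
```

The two checks that matter are the allowlist (so `dep_pkg` can only ever be a Dash package, regardless of what the URL says) and the bare-filename rule for the script, which removes every way of escaping the package directory before `system.file()` is reached; decoding once before validating closes the encoded-traversal variants.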