The path prefix check can be circumvented by regular users by passing
relative path component like so:

$ dbus-send --system --print-reply --dest=org.freedesktop.Accounts \
        /org/freedesktop/Accounts/User1000 \
        org.freedesktop.Accounts.User.SetIconFile \
        string:/usr/share/../../tmp/test

This results in a user controlled path being stored in the
accountsservice. Clients of accountsservice may unwittingly trust this
path.

To fix that situation this commit canonicalizes the input path before
the prefix comparison.

Some small changes to patch by Ray Strode.

https://bugs.freedesktop.org/show_bug.cgi?id=107085