SECURITY: Safely decompress backups when restoring. (#8166)

* SECURITY: Safely decompress backups when restoring.

* Fix tests and update theme_controller_spec to work with zip files instead of .tar.gz

lib/compression/pipeline.rb

@@ -21,11 +21,10 @@ module Compression
     end
 
     def decompress(dest_path, compressed_file_path, allow_non_root_folder: false)
-      to_decompress = compressed_file_path
-      @strategies.reverse.each do |strategy|
+      @strategies.reverse.reduce(compressed_file_path) do |to_decompress, strategy|
         last_extension = strategy.extension
         strategy.decompress(dest_path, to_decompress, allow_non_root_folder: allow_non_root_folder)
-        to_decompress = compressed_file_path.gsub(last_extension, '')
+        to_decompress.gsub(last_extension, '')
       end
     end
   end