executor: block stat get_mime on localhost

The get_mime option may be used to abuse the file utility.
This change disables this module argument.

Change-Id: Idc3bf8d101a15f572841b504ef16335281079142

zuul/ansible/action/normal.py

@@ -63,6 +63,8 @@ class ActionModule(normal.ActionModule):
 
         Block any access of files outside the zuul work dir.
         '''
+        if self._task.args.get('get_mime') is not None:
+            raise AnsibleError("get_mime on localhost is forbidden")
         paths._fail_if_unsafe(self._task.args['path'])
 
     def handle_file(self):