Fixes npm/cli#7127

Aligns normalization logic with `directories.bin`

See also:
https://github.com/npm/normalize-package-data/blob/main/lib/fixer.js#L105
```js
  fixManField: function (data) {
    if (!data.man) {
      return
    }
    if (typeof data.man === 'string') {
      data.man = [data.man]
    }
  },
```

* continues npm/read-package-json#177
* relates #104

CC @wraithgar

## What / Why

* Aligns path normalization logic when processing `bin` and `man` refs.
* Fixes out of scope path traversals for `bin`

```js
function unixifyPath (ref) {
  return ref.replace(/\\|:/g, '/')
}

function securePath (ref) {
  const secured = path.join('.', path.join('/', unixifyPath(ref)))
  return secured.startsWith('.') ? '' : secured
}

function secureAndUnixifyPath (ref) {
  return unixifyPath(securePath(ref))
}
```

## References
continues
[#100](#100 (comment)),
#104

🤖 I have created a release *beep* *boop*
---


## [5.1.1](v5.1.0...v5.1.1)
(2024-05-28)

### Bug Fixes

*
[`54756d2`](54756d2)
[#105](#105) apply `securePath`
to package bin (#105) (@antongolub)
*
[`46c563b`](46c563b)
add `normalizePackageMan` helper (#100) (@antongolub)
*
[`a974274`](a974274)
prevent `directory.man` referencing outside the package root (#104)
(@antongolub)
*
[`191b521`](191b521)
[#102](#102) invalid scripts
warning fixed for undefined scripts (#102) (@milaninfy)

### Chores

*
[`45a2937`](45a2937)
[#98](#98) bump
@npmcli/template-oss to 4.22.0 (@lukekarrys)
*
[`90863c1`](90863c1)
[#98](#98) postinstall for
dependabot template-oss PR (@lukekarrys)

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>