`ch-image`: can't pull images with absolute-path tar members (e.g. Distroless)

While working on #1139 (closed) I bumped into an issue with the interaction of `ch-image pull` and the Distroless tarballs. The Distroless tarballs contain absolute paths, which fail the absolute path check in `charliecloud.py`.

The error message:

```
$ ./ch-image pull gcr.io/distroless/python3
pulling image:    gcr.io/distroless/python3
requesting arch:  amd64
manifest list: using existing file
manifest: using existing file
config: using existing file
layer 1/4: b49b965: using existing file
layer 2/4: 9411f38: using existing file
layer 3/4: 3962157: using existing file
layer 4/4: bad8502: using existing file
flattening image
layer 1/4: b49b965: listing
layer 2/4: 9411f38: listing
layer 3/4: 3962157: listing
layer 4/4: bad8502: listing
validating tarball members
error: rejecting absolute path: /var/tmp/heasterday/ch-image/dlcache/bad8502764f1281cba060ca5d8fbe81231dfc7866403c8774ccac80e0c367f03.tar.gz: /usr
```

Examining the archive:

```
$ tar -tf /var/tmp/heasterday/ch-image/dlcache/bad8502764f1281cba060ca5d8fbe81231dfc7866403c8774ccac80e0c367f03.tar.gz
./
/usr/
/usr/bin/
/usr/bin/python
/usr/bin/python3
./etc/ld.so.cache
./var/
./var/lib/
./var/lib/dpkg/
./var/lib/dpkg/status.d/
./var/lib/dpkg/status.d/dash
./bin/
./bin/dash
./usr/
./usr/share/
....
```

My naive first thought: what if we injected "." before those paths?
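
A sketch of the "inject `.`" idea above, added here as an illustration and not taken from Charliecloud's code: leading slashes are stripped so the member is re-anchored at the image root, while names that would still climb out of the root via `..` are rejected. The function names and the in-memory sample layer are hypothetical, constructed to mirror the `tar -tf` listing.

```python
import io
import posixpath
import tarfile


def relativize_name(name):
    """Re-anchor a tar member name at the image root ("./..."), or raise."""
    # "/usr/bin" becomes "./usr/bin"; "./etc" is unchanged.
    rel = posixpath.normpath("./" + name.lstrip("/"))
    # After normalization, a leading ".." means the name climbs out of the root.
    if rel == ".." or rel.startswith("../"):
        raise ValueError("rejecting path outside image root: %s" % name)
    return "." if rel == "." else "./" + rel


def relativize_members(fileobj):
    """Return (original, relative) name pairs for every member of a tarball."""
    # Names only: link targets would need their own validation.
    with tarfile.open(fileobj=fileobj, mode="r:*") as tf:
        return [(m.name, relativize_name(m.name)) for m in tf.getmembers()]


def make_sample_layer():
    """Constructed gzip layer mixing "./" and "/" names, like the listing."""
    members = [("./", tarfile.DIRTYPE), ("/usr/", tarfile.DIRTYPE),
               ("/usr/bin/", tarfile.DIRTYPE),
               ("/usr/bin/python", tarfile.REGTYPE),
               ("./etc/ld.so.cache", tarfile.REGTYPE)]
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, kind in members:
            info = tarfile.TarInfo(name)
            info.type = kind
            tf.addfile(info)  # zero-length placeholder content
    buf.seek(0)
    return buf


if __name__ == "__main__":
    for original, relative in relativize_members(make_sample_layer()):
        print("%-20s -> %s" % (original, relative))
```

The check is lexical: it keeps the existing protection against members written outside the image directory, but does not by itself cover symlink or hard-link targets.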
