fix(validate): block workspace alias shell injection in generated bash steps

[Copilot]

Summary

Workspace alias values were validated too loosely, allowing shell metacharacters to pass into generated double-quoted bash arguments (--container-workdir / SafeOutputs bounding dir). This change closes that injection path by hardening alias validation and adding workspace-level expression rejection.

• Validation hardening

  • Tighten is_safe_path_segment to a strict allowlist: [A-Za-z0-9._-]
  • Keep existing traversal/newline guards (.., /, \, leading ., \n, \r)
  • Update error text to reflect the stricter contract

• Defense-in-depth on front matter

  • Extend validate_front_matter_identity to run reject_pipeline_injection on workspace

• Regression coverage

  • Add tests rejecting shell-metacharacter workspace aliases
  • Add tests rejecting ADO expression syntax in workspace

pub fn is_safe_path_segment(s: &str) -> bool {
    !s.is_empty()
        && !s.contains("..")
        && !s.contains('/')
        && !s.contains('\\')
        && !s.starts_with('.')
        && !s.contains('\n')
        && !s.contains('\r')
        && s.chars()
            .all(|c| c.is_ascii_alphanumeric() || matches!(c, '-' | '_' | '.'))
}

Test plan

Covered by existing and newly added unit tests in src/validate.rs and src/compile/common.rs.