fix(aws-serverless-mcp-server): input validation for startup script generator parameters #2854

Merged
bx9900 merged 2 commits into awslabs:main from Vandita2020:ops
Apr 7, 2026
Conversation

@Vandita2020
Member

Summary

Defense-in-depth: Add input validation for entry_point and additional_env parameters in startup script generator. Added allowlist regex validation for entry_point and shlex.quote() escaping for environment variable values in generated startup scripts. Testing confirmed that arbitrary code execution is not achievable through the intended MCP client interface.

Checklist

If your change doesn't seem to apply, please leave them unchecked.

  • I have reviewed the contributing guidelines
  • I have performed a self-review of this change
  • Changes have been tested
  • Changes are documented

Is this a breaking change? (Y/N)
N

RFC issue number:

Checklist:

  • Migration process documented
  • Implement warnings (if it can live side by side)

Acknowledgment

By submitting this pull request, I confirm that you can use, modify, copy, and redistribute this contribution, under the terms of the project license.
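
The validation described in the summary above, as an added example that is not the project's own code. The page does not show the diff, so the allowlist pattern, the function names and the `exec node` launch line are assumptions.

```python
import re
import shlex

# Assumed allowlist: a relative path made of letters, digits, '_', '-', '.', '/'.
# The project's actual pattern is not shown on this page.
ENTRY_POINT_RE = re.compile(r"[A-Za-z0-9_][A-Za-z0-9_./-]*")
ENV_NAME_RE = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")


def validate_entry_point(entry_point: str) -> str:
    """Reject anything outside the allowlist, plus '..' path segments."""
    # fullmatch() rather than match() with '$': '$' would accept a trailing
    # newline, which becomes a second command line in the generated script.
    if not ENTRY_POINT_RE.fullmatch(entry_point):
        raise ValueError(f"invalid entry_point: {entry_point!r}")
    if ".." in entry_point.split("/"):
        raise ValueError("entry_point must not contain '..' segments")
    return entry_point


def render_startup_script(entry_point: str, additional_env: dict[str, str]) -> str:
    """Build a bash startup script; env names are validated, values quoted."""
    lines = ["#!/bin/bash", "set -euo pipefail"]
    for name, value in additional_env.items():
        # The name sits on the left of '=' where quoting cannot help,
        # so it gets its own allowlist.
        if not ENV_NAME_RE.fullmatch(name):
            raise ValueError(f"invalid environment variable name: {name!r}")
        # shlex.quote() single-quotes the value, so $(...), backticks, ';'
        # and newlines reach the process as literal data.
        lines.append(f"export {name}={shlex.quote(value)}")
    # Assumed launch command (hypothetical); quoted as a second layer
    # even though the allowlist has already passed.
    lines.append(f"exec node {shlex.quote(validate_entry_point(entry_point))}")
    return "\n".join(lines) + "\n"
```
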

@codecov

codecov bot commented Apr 2, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 91.38%. Comparing base (9480a33) to head (39acec9).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files
@@           Coverage Diff           @@
##             main    #2854   +/-   ##
=======================================
  Coverage   91.37%   91.38%           
=======================================
  Files        1014     1014           
  Lines       74953    74973   +20     
  Branches    12047    12053    +6     
=======================================
+ Hits        68491    68511   +20     
  Misses       3990     3990           
  Partials     2472     2472           


@Vandita2020 Vandita2020 changed the title input validation for startup script generator parameters fix: input validation for startup script generator parameters Apr 2, 2026
@Vandita2020 Vandita2020 changed the title fix: input validation for startup script generator parameters fix(aws-serverless-mcp-server): input validation for startup script generator parameters Apr 2, 2026
@Vandita2020 Vandita2020 force-pushed the ops branch 2 times, most recently from d6ebd58 to d7eab32 Compare April 2, 2026 21:29
Contributor

@theagenticguy theagenticguy left a comment

LGTM

@bx9900 bx9900 added this pull request to the merge queue Apr 7, 2026
Merged via the queue into awslabs:main with commit 46894ec Apr 7, 2026
147 checks passed
@github-project-automation github-project-automation bot moved this from To triage to Done in awslabs/mcp Project Apr 7, 2026