Fix shell injection in rez-build process

[JeanChristopheMorinPerso]

Fixes #417
Fixes #797
Fixes #937
Fixes #964
Fixes #1107

Fix shell injection in rez-build process caused by non-sanitized strings in environment variables.

Note that it doesn't improve the security by a lot. By design building something will execute code other than rez's code. But it increases security by relying on the principle of least surprise (it is very surprising to see random stuff in a string assigned to a variable named "description" to execute any code. Thre is another another side effect to this PR, which is the reduction in attack surface. No SCA (source code analysis) tool would be able to detect the vulnerable packages today without custom rules. With this PR, this problem goes away.

Marking as draft until we can add tests.

[codecov]

Codecov Report

❌ Patch coverage is 66.66667% with 1 line in your changes missing coverage. Please review.
✅ Project coverage is 58.80%. Comparing base (cd8476f) to head (447b9cb).

Files with missing lines	Patch %	Lines
src/rezplugins/build_system/custom.py	0.00%	1 Missing ⚠️

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1979      +/-   ##
==========================================
- Coverage   60.01%   58.80%   -1.21%     
==========================================
  Files         163      163              
  Lines       20098    20100       +2     
  Branches     3494     3494              
==========================================
- Hits        12062    11820     -242     
- Misses       7224     7458     +234     
- Partials      812      822      +10     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.

[JeanChristopheMorinPerso]

This protects against cases where a user passes something like

rez-build --myarg '$(run command)'

We were already doing that for elements in sequences anyway.

[maxnbk]

The test with the script output might be a little high-maintenance when making other changes to rez (potentially) and could be adjusted to one where you simply assert that the contents you expressed are in the script per-line, rather than the exact script equivalence, but that doesn't mean the fix and the test aren't both valid, so I am marking it approved, leaving it up to you to make the test less finicky if you choose to.