WIP: Sanitize debugger argv to prevent r2 command injection#13

Open
trufae wants to merge 1 commit into main from codex/propose-fix-for-r2-command-injection

Conversation

@trufae
Contributor

@trufae trufae commented Mar 9, 2026

Motivation

  • The init_debug path previously concatenated unescaped argv into an r2 doo command, allowing ; or shell escapes in user-supplied args to inject extra r2 commands and enabling an RCE vector.
  • The change aims to neutralize that injection surface while preserving the ability to pass arbitrary argument content to the debugged process.

Description

  • Add escape_debug_arg and escape_debug_args helper functions to quote each argument and escape embedded quotes, backslashes, newlines, and carriage returns.
  • Use the new escape_debug_args in R2Api::init_debug instead of args.join(" ") so the constructed doo command uses quoted, escaped arguments.
  • Add unit tests under #[cfg(test)] that assert argument quoting and escaping behavior for spaces and special characters.

Testing

  • Ran cargo test -p radius2 --lib, which could not complete in this environment because the boolector-sys vendored build attempted to download lingeling and failed with curl: (56) CONNECT tunnel failed, response 403. (test run failed)
  • Ran cargo test -p radius2 --lib --no-default-features, which failed at link time due to missing -lboolector in this environment (linker error). (test run failed)
  • Unit tests exercising the new escaping helpers were added and are expected to pass when the crate can be built and linked successfully in a full build environment.

Codex Task
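An added example, not the radius2 project's own code, illustrating the escaping the description above outlines: a quoting helper modelled on `escape_debug_arg`, the unescaped `args.join(" ")` and the escaped `doo` constructions side by side, and a crude `;` separator check (an assumption, not r2's real command parser) showing that an argument containing `;` no longer splits into a second command.

```rust
// Added example (not radius2's code). Names and exact quoting rules are
// assumptions based on the PR description; the separator model is a toy.

/// Wrap one argument in double quotes, escaping the characters the PR
/// lists: quotes, backslashes, newlines and carriage returns.
pub fn escape_debug_arg(arg: &str) -> String {
    let mut out = String::with_capacity(arg.len() + 2);
    out.push('"');
    for c in arg.chars() {
        match c {
            '"' => out.push_str("\\\""),
            '\\' => out.push_str("\\\\"),
            '\n' => out.push_str("\\n"),
            '\r' => out.push_str("\\r"),
            _ => out.push(c),
        }
    }
    out.push('"');
    out
}

/// Escape every argument and join them with single spaces.
pub fn escape_debug_args(args: &[&str]) -> String {
    args.iter().map(|a| escape_debug_arg(a)).collect::<Vec<_>>().join(" ")
}

/// The pattern the PR replaces: unescaped argv concatenated into `doo`.
pub fn doo_command_unescaped(args: &[&str]) -> String {
    format!("doo {}", args.join(" "))
}

/// The hardened construction using the escaping helper.
pub fn doo_command_escaped(args: &[&str]) -> String {
    format!("doo {}", escape_debug_args(args))
}

/// Toy model of r2's `;` command separator (assumption: only `;` outside
/// double quotes splits, and backslash escapes the next char in quotes).
/// Returns true when the string would be parsed as more than one command.
pub fn splits_into_multiple_commands(cmd: &str) -> bool {
    let (mut in_quotes, mut escaped) = (false, false);
    for c in cmd.chars() {
        if escaped { escaped = false; continue; }
        match c {
            '\\' if in_quotes => escaped = true,
            '"' => in_quotes = !in_quotes,
            ';' if !in_quotes => return true,
            _ => {}
        }
    }
    false
}
```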

@trufae trufae changed the title from "Sanitize debugger argv to prevent r2 command injection" to "WIP: Sanitize debugger argv to prevent r2 command injection" on Mar 9, 2026
@trufae
Contributor Author

trufae commented Mar 9, 2026

Codex did a pretty bad job here, because the right fix would be to use the single quote or do the call instead of cmd here. I'm just creating the PR to raise awareness of this bug.

@trufae trufae force-pushed the main branch 3 times, most recently from 6f917ba to 18587bd on March 27, 2026 09:47