fix(selectors): use sanitized serviceDeskId and encode SharePoint siteId

Use serviceDeskIdValidation.sanitized instead of raw serviceDeskId in JSM
request types URL. Add encodeURIComponent to SharePoint siteId to prevent
URL path injection.

Author: waleedlatif1

apps/sim/app/api/tools/jsm/selector-requesttypes/route.ts

@@ -66,7 +66,7 @@ export async function POST(request: Request) {
     }
 
     const baseUrl = getJsmApiBaseUrl(cloudId)
-    const url = `${baseUrl}/servicedesk/${serviceDeskId}/requesttype?limit=100`
+    const url = `${baseUrl}/servicedesk/${serviceDeskIdValidation.sanitized}/requesttype?limit=100`
 
     const response = await fetch(url, {
       method: 'GET',

apps/sim/app/api/tools/sharepoint/lists/route.ts

@@ -89,7 +89,7 @@ export async function GET(request: NextRequest) {
       return NextResponse.json({ error: 'Failed to obtain valid access token' }, { status: 401 })
     }
 
-    const url = `https://graph.microsoft.com/v1.0/sites/${siteId}/lists?$select=id,displayName,description,webUrl&$expand=list($select=hidden)&$top=100`
+    const url = `https://graph.microsoft.com/v1.0/sites/${encodeURIComponent(siteId)}/lists?$select=id,displayName,description,webUrl&$expand=list($select=hidden)&$top=100`
 
     const response = await fetch(url, {
       headers: {