ci: add input sanitization for PR comment arguments

[herdiyana256]

Validate and shell-quote arguments extracted from /gcbrun PR comments
before passing them to the GKE experiment pipeline.

In ci/ci_trial_build.py, each token from the PR comment body is now
checked against a character allowlist ([a-zA-Z0-9_\-\.\/,=:@]). Any
argument that contains characters outside this set causes the entire
command to be rejected and logged as a warning. This prevents unexpected
input from reaching the Kubernetes job template substitution step.

In ci/request_pr_exp.py, the additional_args list is now joined
using shlex.quote() so that special characters within individual
arguments are treated as literals by the bash -c interpreter that
runs the Kubernetes Job command string. This acts as a second layer of
defense covering both ci/k8s/pr-exp.yaml and ci/k8s/large-pr-exp.yaml.

Files changed:

• ci/ci_trial_build.py: Added _SAFE_ARG_PATTERN allowlist and
  _sanitize_shell_arg() validator; updated get_latest_gcbrun_command()
  to reject commands containing disallowed characters.
• ci/request_pr_exp.py: Added shlex import and shell-quoting for
  additional_args before template substitution.

[herdiyana256]

@google/oss-fuzz-gen-maintainers — Could someone review this patch?
It addresses a security issue reported via Google OSS VRP.
The security team is waiting for a merge confirmation.

[herdiyana256]

Hi @DonggeLiu, could you please review this patch when you get a chance?

This addresses a command injection vulnerability in the /gcbrun PR comment dispatcher — unsanitized arguments from PR comments were passed directly into a Kubernetes Job template that executes a bash -c command string. The fix adds an allowlist validator in ci_trial_build.py and shlex.quote() escaping in request_pr_exp.py.

The Google security team has acknowledged the patch (OSS VRP) and is waiting for a merge confirmation before proceeding with their evaluation. I appreciate your time!

Regard,