fix(server): allow newlines in exec command arguments

[zanetworker]

Summary

Allow newline characters in sandbox exec command arguments so multi-line scripts (python3 -c "def f():\n ...", bash -c "echo 'line1\nline2'") work without base64 workarounds.

Related Issue

Fixes #1963

Changes

• shell_escape() (sandbox.rs): Remove newline rejection. Newlines inside POSIX single quotes are literal characters, not command separators. Null byte rejection preserved.
• validate_exec_request_fields() (validation.rs): Add reject_null_bytes() for exec command arguments instead of reject_control_chars(). Newline rejection preserved for workdir and environment values.

Testing

Verified end-to-end against a live gateway with podman driver on macOS:

$ openshell sandbox exec -n multiline-test -- python3 -c "
def hello():
    print('multi-line scripts work!')
hello()
"
multi-line scripts work!

• cargo test --package openshell-server — 857 tests pass, 0 failures
• Multi-line Python script via sandbox exec — works
• Multi-line bash script via sandbox exec — works
• Single-line commands — no regression
• Null bytes in args — still rejected
• Newlines in workdir — still rejected
• Newlines in env values — still rejected

Checklist

• Follows Conventional Commits
• Commits are signed off (DCO)
• Architecture docs updated (not applicable — no architectural change)

[copy-pr-bot]

This pull request requires additional validation before any workflows can run on NVIDIA's runners.

Pull request vetters can view their responsibilities here.

Contributors can view more details about this message here.

[elezar]

This test should include both CR/LF and a single quote in the same command argument. The risky interaction here is not just that newlines are accepted, but that multiline script text still composes correctly with POSIX single-quote escaping.

For example, something like print('one')\r\nprint('two') would give us regression coverage for the exact case this helper has to keep safe.

[elezar]

nit: This test name still says build_remote_exec_command, but the assertion now exercises validate_exec_request_fields(). Could we rename it to validate_exec_rejects_newlines_in_workdir, or drop it since validation.rs already has this coverage?

[elezar]

nit: The function comment above still says this validates control characters generally, but command args now intentionally allow CR/LF and only reject NUL. Maybe reword it to something like: Validate exec request size limits and field-specific character constraints.

[elezar]

Since this helper now allows \n/\r, the downstream command_preview fields in the exec logging paths should not log the assembled command raw. In line-oriented log sinks, user-controlled CR/LF can split records or create forged-looking continuation lines. Can we escape the preview before logging, and reuse the same helper for both non-interactive and interactive exec?

let command_preview: String = command
    .chars()
    .take(120)
    .flat_map(char::escape_default)
    .collect();

[elezar]

nit: crates/openshell-server/src/grpc/validation.rs:57 still calls reject_control_chars() for exec environment values, but validate_exec_env_entries() below routes through validate_env_entries_inner() and checks env values again. Keeping the length check in the direct loop makes sense, but the control-char check could be left to the env-entry validator.