Fix OS command injection in ForkCurl consumer

The User-Agent header values (library name and version) from message
context were interpolated directly into a shell command without escaping,
allowing arbitrary command execution. Apply escapeshellarg() to the
User-Agent header and URL, consistent with how payload and secret are
already handled.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: MichaelGHSeg

lib/Consumer/ForkCurl.php

@@ -53,7 +53,7 @@ public function flushBatch(array $messages): bool
             $cmd .= ' -d ' . $payload;
         }
 
-        $cmd .= " '" . $url . "'";
+        $cmd .= ' ' . escapeshellarg($url);
 
         // Verify payload size is below 512KB
         if (strlen($payload) >= 500 * 1024) {
@@ -67,7 +67,7 @@ public function flushBatch(array $messages): bool
         $library = $messages[0]['context']['library'];
         $libName = $library['name'];
         $libVersion = $library['version'];
-        $cmd .= " -H 'User-Agent: $libName/$libVersion'";
+        $cmd .= ' -H ' . escapeshellarg("User-Agent: $libName/$libVersion");
 
         if (!$this->debug()) {
             $cmd .= ' > /dev/null 2>&1 &';