Fix npm auth environment variables with yarn 4 (v2)

[ecraig12345]

Turns out the previous fix for this issue forgot yarn 4...

When beachball is invoked via yarn, yarn injects a temp directory into PATH containing a shell-script shim for node. POSIX sh drops env vars with names containing invalid characters (/, :), so the npm auth token env var (e.g. npm_config_//registry.npmjs.org/:_authToken) gets silently discarded before reaching npm publish.

The fix (filtering those temp dirs from PATH for npm commands) already existed in packageManager.ts but it turns out it only handled yarn v1, not v4/berry. That version uses the prefix xfs- instead of yarn--.

In this PR:

• Update filterPathForNpm to check for xfs- dirs and move it to a separate file
• Since this workaround is brittle, add a new helper checkNpmAuthEnvPassthrough which is called during beachball publish to proactively detect new cases: if a token is configured, it verifies the env var name survives the subprocess boundary. On failure it logs a diagnostic including the full PATH and, when possible, a direct node ./path/to/beachball/bin/beachball.js invocation as a fallback.
• Add tests for both functions, including a realistic failure case (POSIX only) that creates a wrapper shim as node on PATH to reproduce the env-var-dropping behavior