MDL-75044 assignfeedback_editpdf: Add SAFER option to GS command

Adds the SAFER option to the Ghostscript command to limit interaction
with IO and OS commands

mod/assign/feedback/editpdf/classes/pdf.php

@@ -677,7 +677,7 @@ public static function ensure_pdf_file_compatible($tempsrc) {
         $gsexec = \escapeshellarg($CFG->pathtogs);
         $tempdstarg = \escapeshellarg($tempdst);
         $tempsrcarg = \escapeshellarg($tempsrc);
-        $command = "$gsexec -q -sDEVICE=pdfwrite -dBATCH -dNOPAUSE -sOutputFile=$tempdstarg $tempsrcarg";
+        $command = "$gsexec -q -sDEVICE=pdfwrite -dSAFER -dBATCH -dNOPAUSE -sOutputFile=$tempdstarg $tempsrcarg";
         exec($command);
         if (!file_exists($tempdst)) {
             // Something has gone wrong in the conversion.