fix(rtrim): remove regex to prevent ReDOS attack

[tux-tn]

This PR fixes a potential ReDOS in rtrim sanitizer. A try has been made in #1603 to fix the same vulnerability but it looks like we failed to prevent it.

The new implementation is not based on regex and is inspired by Steven Levithan's blog post and trim package implementation.

Thanks to @yetingli for discovering the vulnerability and huntr.dev for reporting it

Checklist

• PR contains only changes related; no stray files, etc.

[codecov]

Codecov Report

Merging #1738 (b21879c) into master (c899b31) will not change coverage.
The diff coverage is 100.00%.

@@            Coverage Diff            @@
##            master     #1738   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files          102       102           
  Lines         2015      2020    +5     
  Branches       454       454           
=========================================
+ Hits          2015      2020    +5     

Impacted Files	Coverage Δ
src/lib/rtrim.js	100.00% <100.00%> (ø)

---

Continue to review full report at Codecov.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update c899b31...b21879c. Read the comment docs.

[ezkemboi]

I am wondering why this is not in the else statement, but I might less understand that because we have done return already.

[tux-tn]

It's exactly that. If an if block contains a return statement, the else block is unnecessary and the instructions after the block will only be executed when the if condition is not met!

[profnandaa]

@tux-tn -- sorry missed on this one, will get it in for the release. Thanks!