feat: add filename validation for windows

[dominikg]

The vue-inspector by @webfansplz contains code that prevents some filenames from being opened with a shell command

https://github.com/webfansplz/vite-plugin-vue-inspector/blob/main/src/launch-editor.ts#L336-L357

This is to prevent possible attacks where a crafted filename could be used to execute malicious commands.

Currently launch-editor does not have a check like this. It's hard to exploit because there is an fs.existsSync check but for defense in depth it would be better to not let these kinds of filenames through

The regex here https://github.com/webfansplz/vite-plugin-vue-inspector/blob/main/src/launch-editor.ts#L108-L112 looks longish, maybe a smaller list of forbidden chars does the trick too

[sodatea]

These are basically backports of facebook/create-react-app#4866 and facebook/create-react-app#5431
As Unicode character class escape has been supported since Node.js 10¹, I think we can use the uncompiled version here.

The only remaining problem is that this RegExp can't be parsed with our current ESLint setup.
I'll try to fix this issue when I have the time to move away from eslint-plugin-vue-libs and bump the ESLint major version in this repository.

Footnotes

1. https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Regular_expressions/Unicode_character_class_escape ↩