cmd/go/internal/work: sanitize flags before invoking 'pkg-config'
The addition of CgoPkgConfig allowed execution with flags not
matching the safelist. In order to prevent potential arbitrary
code execution at build time, ensure that flags are validated
prior to invoking the 'pkg-config' binary.
Thank you to RyotaK (https://ryotak.net) of GMO Flatt Security Inc.
for reporting this issue.
Fixes CVE-2025-61731
Fixes #77100
Change-Id: Ic51b41f1f7e697ab98c9c32c6fae35f217f7f364
Reviewed-on: https://go-internal-review.googlesource.com/c/go/+/3240 Reviewed-by: Nicholas Husin <husin@google.com> Reviewed-by: Damien Neil <dneil@google.com>
Reviewed-on: https://go-review.googlesource.com/c/go/+/736711 Reviewed-by: Junyang Shao <shaojunyang@google.com>
Auto-Submit: Michael Pratt <mpratt@google.com>
LUCI-TryBot-Result: Go LUCI <golang-scoped@luci-project-accounts.iam.gserviceaccount.com>