Sanitize user data.

[fnando]

What

Sanitize more user data that's printed to the screen.

Why

Close https://hackerone.com/reports/3714798

Known limitations

N/A

[Copilot]

Pull request overview

This PR expands terminal-escape/control-byte sanitization for user/RPC/spec-derived strings printed by stellar (notably decoded contract events and spec verification/errors), aiming to close the referenced HackerOne report.

Changes:

• Add sanitized formatting for decoded contract events and regression tests ensuring attacker control bytes don’t reach terminal output.
• Sanitize additional spec warning/error strings in soroban-spec-tools, with tests to prevent regressions.
• Sanitize WASM export function names printed during contract build summary.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
cmd/soroban-cli/src/log/event.rs	Adds a helper to format decoded events using sanitize(...) and includes a regression test.
cmd/soroban-cli/src/commands/events.rs	Sanitizes decoded event name/topics/param names in pretty event output and adds a regression test via a buffer writer.
cmd/soroban-cli/src/commands/contract/info/interface.rs	Adds a security-focused comment explaining why Rust output is currently safe and when to sanitize in the future.
cmd/soroban-cli/src/commands/contract/build.rs	Sanitizes printed WASM export names to avoid control-byte injection in build summaries.
cmd/crates/soroban-spec-tools/src/verify.rs	Sanitizes Display strings for SpecWarning variants and adds regression tests.
cmd/crates/soroban-spec-tools/src/test_utils.rs	Introduces a shared test helper to assert output contains no control bytes (except \\n/\\t).
cmd/crates/soroban-spec-tools/src/lib.rs	Sanitizes several error payload strings (e.g., missing entry/key/enum-case paths) and adds regression tests.
cmd/crates/soroban-spec-tools/src/event.rs	Sanitizes parameter names included in event decode errors.