Closed
Description
Describe the bug
Having pipes in the branch name causes the command to error and run what is after the pipe as a separate command. This can cause malicious users to run code on the machine/container Sourcebot is on.
To reproduce
Have a pipe (|) in the branch or tag name.
Sourcebot deployment information
Sourcebot version (e.g. v3.0.1): v4.6.7
Look at backend/zoekt.ts
This can be solved by using quotes around the branches/tags in the zoekt-git-index command on line 66 of zoekt.ts. Also take a look at spawn instead of exec for running the command; spawn has some built-in escaping for special characters.
Additional information
No response