fix(cli): use single quote to prevent bash expansion

[mongj]

Fixes #973

Problem

When signing APKs or App Bundles, the keystore password and key password are passed to command-line tools (apksigner and jarsigner). Currently, these passwords were wrapped in double quotes ("), which allows bash to perform expansion on special characters like $, !, backticks, and others.

For example, if a user's keystore password contains characters like $ecret or pa$$word, bash would interpret $ecret or $$ as variable references, causing the signing process to fail with incorrect password errors.

Solution

Updated signApk() and signAppBundle() methods to use single quotes instead of double quotes for password parameters, so we use the password as a literal string. Also escapes single quotes in the password.

Testing

• Tested with passwords containing special characters ($, !, backticks)
• Verified APK and App Bundle signing still works with normal passwords

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.