Harden verbose context logging against terminal control-character injection

[Copilot]

This PR addresses the security review request by tightening output handling in verbose logs. It removes a terminal-injection vector where untrusted context values (workspace/repo/source) could emit control characters to stderr.

• Security hardening: verbose context output

  • Updated ResolvedContextReporter to sanitize workspace, repo, and source before writing diagnostic context lines.
  • Applies existing TerminalSanitizer at the log boundary so env/CLI/git-derived values cannot inject ANSI/control sequences.

• Focused regression coverage

  • Added ResolvedContextReporterTests to assert control characters are stripped in both:
    • LogRepoContext(...)
    • LogWorkspaceContext(...)

Example of the applied pattern:

var workspace = TerminalSanitizer.Sanitize(context.Workspace) ?? string.Empty;
var repo = TerminalSanitizer.Sanitize(context.Repo) ?? string.Empty;
var source = TerminalSanitizer.Sanitize(
    string.IsNullOrWhiteSpace(context.Source) ? "unknown" : context.Source
) ?? "unknown";

Console.Error.WriteLine($"Context: workspace={workspace} repo={repo} source={source}");

---

💬 We'd love your input! Share your thoughts on Copilot coding agent in our 2 minute survey.