WA-NEW-024: Audit and fix URI.escape/URI.encode usage

[kitcommerce]

Summary

URI.escape and URI.encode were removed in Ruby 3.0. There's a comment in core/app/models/workarea/navigation/redirect.rb:36 noting this, but we need to verify the fix is complete and check for any other occurrences.

Also check vendored active_shipping code which has multiple uses.

Scope

• core/app/models/workarea/navigation/redirect.rb — has comment about removal
• core/vendor/active_shipping/ — vendored code with URI.escape usage

Approach

Replace with CGI.escape, URI::DEFAULT_PARSER.escape, or Addressable::URI.encode depending on context.

Objective

Ensure zero URI.escape/URI.encode calls remain that would crash on Ruby 3.0+.

Client impact

None.

Acceptance Criteria

• No URI.escape or URI.encode in non-vendor application code
• Vendored code either fixed or shimmed
• Tests pass on Ruby 2.7.8

Verification Plan

1. grep -rn 'URI\.\(escape\|encode\)' --include='*.rb' core/app core/lib admin/ storefront/ | grep -v vendor returns zero
2. Run core test suite

[kitcommerce]

Dispatched to implementer. Branch: wa-new-024-uri-escape, targeting next.