stm_app
Sanitise string interpolation for GIT command arguments
There are a few places where the git args are built from variable strings, which can be an attack vector, e.g. when a commit SHA1 or a committer name is interpolated into an argument.
E.g.:

```rust
// The fixed arguments are literals; `contributor_git_identity` is data taken from the repository.
let mut git_args = vec![
    "log".into(),
    "--no-decorate".into(),
    "--name-only".into(),
    "--no-merges".into(),
    "--encoding=utf-8".into(),
];
// The author value is spliced straight into an argument. Command does not go through a
// shell, so the surrounding quotes reach git literally instead of grouping the value.
if let Some(author) = contributor_git_identity {
    git_args.push(["--author=\"", author, "\""].concat());
};
```
I'm not sure if this is a real threat, but better to be safe. I asked the question here: https://www.reddit.com/r/rust/comments/kr989u/are_processcommand_arguments_safe_from_code/
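One way to harden this, as an added example rather than stm_app's own code: validate each variable before it becomes an argv element and add no quoting at all, because `std::process::Command` hands arguments to the child directly with no shell in between, so the only injection left is a value that git itself would parse as an option. The `validate_sha1` / `validate_free_text` helpers and their refuse-on-leading-dash policy are assumptions made for this illustration.

```rust
use std::process::Command;

/// Why a caller-supplied value was refused before reaching git's argv.
#[derive(Debug, PartialEq)]
pub enum ArgError { Empty, NotHex, LooksLikeOption }

/// A commit id is only ever hex, so anything else is rejected outright. A hex-only
/// value also cannot begin with '-', so git can never mistake it for a flag.
pub fn validate_sha1(sha: &str) -> Result<&str, ArgError> {
    if sha.is_empty() { return Err(ArgError::Empty); }
    if sha.len() > 40 || !sha.bytes().all(|b| b.is_ascii_hexdigit()) {
        return Err(ArgError::NotHex);
    }
    Ok(sha)
}

/// Author names are free text. Command spawns git without a shell, so shell
/// metacharacters are inert; the remaining risk is option injection, a value
/// beginning with '-' that git would parse as a flag. Assumed policy: refuse
/// such values rather than try to escape them.
pub fn validate_free_text(value: &str) -> Result<&str, ArgError> {
    if value.is_empty() { return Err(ArgError::Empty); }
    if value.starts_with('-') { return Err(ArgError::LooksLikeOption); }
    Ok(value)
}

/// Builds the `git log` argv. Every element is handed to Command::args as-is, so
/// no quotes are added (quotes would reach git literally and break the match);
/// `--author=` is glued to its value in one element so git cannot split it.
pub fn build_log_args(author: Option<&str>, rev: Option<&str>) -> Result<Vec<String>, ArgError> {
    let mut args: Vec<String> = ["log", "--no-decorate", "--name-only", "--no-merges", "--encoding=utf-8"]
        .iter().map(|s| s.to_string()).collect();
    if let Some(a) = author {
        args.push(format!("--author={}", validate_free_text(a)?));
    }
    if let Some(r) = rev {
        args.push(validate_sha1(r)?.to_string());
    }
    Ok(args)
}

/// Assembles the command: argv goes straight to the process, never through `sh -c`.
pub fn git_log_command(author: Option<&str>, rev: Option<&str>) -> Result<Command, ArgError> {
    let mut cmd = Command::new("git");
    cmd.args(build_log_args(author, rev)?);
    Ok(cmd)
}
```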