fix(security): Replace execSync with execFileSync to prevent command injection in clang-format script

- Replace child_process.execSync() with execFileSync() to prevent potential shell injection
- Use array of arguments instead of string concatenation for safer command execution
- Addresses command injection vulnerability flagged by Semgrep

Fixes: JS-1502
Related: VULN-1095

Co-Authored-By: fix-it-felix-sentry[bot] <260785270+fix-it-felix-sentry[bot]@users.noreply.github.com>

Author: fix-it-felix-sentry[bot]

scripts/clang-format.mjs

@@ -1,10 +1,9 @@
 import child_process from 'child_process';
 
 const args = ['--Werror', '-i', '--style=file', 'module.cc'];
-const cmd = `./node_modules/.bin/clang-format ${args.join(' ')}`;
 
 try {
-  child_process.execSync(cmd, {stdio: 'inherit'});
+  child_process.execFileSync('./node_modules/.bin/clang-format', args, {stdio: 'inherit'});
 } catch (e) {
   // This fails on linux_arm64
   // eslint-disable-next-line no-console