feat(toolbox): update toolbox-base scripts

- Update ToolboxStack/output/toolbox-base/Dockerfile with latest container configurations
- Update ToolboxStack/output/toolbox-base/build.sh with improved build process
- Update ToolboxStack/output/toolbox-base/run.sh with enhanced runtime configuration

These changes improve the base developer environment build and runtime capabilities.

ToolboxStack/output/toolbox-base/build.sh

@@ -2,6 +2,18 @@
 
 set -euo pipefail
 
+# Security: Validate input parameters to prevent command injection
+sanitized_input() {
+    local input="$1"
+    # Check for potentially dangerous characters/commands
+    case "$input" in
+        *[\;\|\&\`\$]*)
+            echo "Error: Invalid input detected: $input" >&2
+            exit 1
+            ;;
+    esac
+}
+
 # Validate dependencies
 if ! command -v docker &> /dev/null; then
     echo "Error: docker is required but not installed." >&2
@@ -16,15 +28,26 @@ fi
 IMAGE_NAME="tsysdevstack-toolboxstack-toolbox-base"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
+# Sanitize user input
 USER_ID="${USER_ID_OVERRIDE:-$(id -u)}"
+sanitized_input "$USER_ID"
 GROUP_ID="${GROUP_ID_OVERRIDE:-$(id -g)}"
+sanitized_input "$GROUP_ID"
 USERNAME="${USERNAME_OVERRIDE:-toolbox}"
+sanitized_input "$USERNAME"
 TEA_VERSION="${TEA_VERSION_OVERRIDE:-0.11.1}"
+sanitized_input "$TEA_VERSION"
 BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-toolboxstack-builder}"
+sanitized_input "$BUILDER_NAME"
 CACHE_DIR="${SCRIPT_DIR}/.build-cache"
 TAG="${TAG_OVERRIDE:-dev}"
+sanitized_input "$TAG"
 RELEASE_TAG="${RELEASE_TAG_OVERRIDE:-release-current}"
+sanitized_input "$RELEASE_TAG"
 VERSION_TAG="${VERSION_TAG_OVERRIDE:-}"
+if [[ -n "$VERSION_TAG" ]]; then
+    sanitized_input "$VERSION_TAG"
+fi
 PUSH="${PUSH_OVERRIDE:-false}"
 
 echo "Building ${IMAGE_NAME} with UID=${USER_ID} GID=${GROUP_ID} USERNAME=${USERNAME}"