feat(toolbox): update toolbox-template scripts

- Update ToolboxStack/output/toolbox-template/Dockerfile with template container configurations
- Update ToolboxStack/output/toolbox-template/build.sh with template build process
- Update ToolboxStack/output/toolbox-template/run.sh with template runtime configuration

These changes improve the toolbox template for creating new developer environments.

ToolboxStack/output/toolbox-template/build.sh

@@ -2,6 +2,18 @@
 
 set -euo pipefail
 
+# Security: Validate input parameters to prevent command injection
+sanitized_input() {
+    local input="$1"
+    # Check for potentially dangerous characters/commands
+    case "$input" in
+        *[\;\|\&\`\$]*)
+            echo "Error: Invalid input detected: $input" >&2
+            exit 1
+            ;;
+    esac
+}
+
 # Validate dependencies
 if ! command -v docker &> /dev/null; then
     echo "Error: docker is required but not installed." >&2
@@ -15,14 +27,22 @@ fi
 
 # Get the toolbox name from the directory name (or you can pass it as an argument)
 TOOLBOX_NAME="${TOOLBOX_NAME_OVERRIDE:-$(basename "$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)")}"
+sanitized_input "$TOOLBOX_NAME"
 IMAGE_NAME="tsysdevstack-toolboxstack-${TOOLBOX_NAME#toolbox-}"
+sanitized_input "$IMAGE_NAME"
 SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
 
+# Sanitize user input
 USER_ID="${USER_ID_OVERRIDE:-$(id -u)}"
+sanitized_input "$USER_ID"
 GROUP_ID="${GROUP_ID_OVERRIDE:-$(id -g)}"
+sanitized_input "$GROUP_ID"
 USERNAME="${USERNAME_OVERRIDE:-toolbox}"
+sanitized_input "$USERNAME"
 TEA_VERSION="${TEA_VERSION_OVERRIDE:-0.11.1}"
+sanitized_input "$TEA_VERSION"
 BUILDER_NAME="${BUILDER_NAME:-tsysdevstack-toolboxstack-builder}"
+sanitized_input "$BUILDER_NAME"
 CACHE_DIR="${SCRIPT_DIR}/.build-cache"
 
 echo "Building ${IMAGE_NAME} with UID=${USER_ID} GID=${GROUP_ID} USERNAME=${USERNAME}"