codegen: escape string default values to prevent code injection (#8964)

String default values parsed from .fbs schemas are un-escaped by the IDL
parser (e.g., \x22 becomes a raw " byte), but code generators embed these
raw values directly into generated source code string literals. This allows
specially crafted .fbs files to break out of string literals and inject
arbitrary code into generated C++, Rust, TypeScript, and Swift source.

Fix by adding EscapeCodeGenString() helper that re-escapes string content
before embedding, and applying it to all 7 affected injection points across
5 code generators (C++, Rust, TypeScript, Swift, FBS).

Resolves the TODO comments in idl_gen_cpp.cpp and idl_gen_rust.cpp.

src/idl_gen_ts.cpp

@@ -529,7 +529,11 @@ class TsGenerator : public BaseGenerator {
         if (value.constant == "0" || value.constant == "null") {
           return "null";
         } else {
-          return "\"" + value.constant + "\"";
+          std::string escaped;
+          flatbuffers::EscapeString(value.constant.c_str(),
+                                    value.constant.length(), &escaped,
+                                    true, false);
+          return escaped;
         }
       }
       case BASE_TYPE_UNION: