Potential fix for code scanning alert no. 16: Shell command built from environment values

[SFARPak]

Potential fix for https://github.com/SFARPak/ACode/security/code-scanning/16

To fix the issue, avoid constructing the attrib shell command by string interpolation and passing it to execSync, which will spawn a subshell and allow possible injection via the interpolated path.
Instead, invoke the attrib.exe command directly with its arguments using execFileSync, passing the arguments as an array so that no shell interpretation occurs. This avoids special character problems and command injection risks. Specifically, in rmDir, replace:

execSync(`attrib -R "${dirPath}\\*.*" /S /D`, { stdio: "ignore" })

with:

execFileSync("attrib", ["-R", `${dirPath}\\*.*`, "/S", "/D"], { stdio: "ignore" })

Additionally, import execFileSync from child_process at the top of the file.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.