Properly escape executable

Only escaping spaces it not sufficient in cases where
the plugin is used from a path containing an ampersand,
for example. Using escapeshellarg() on the path to the
executable should be enough to handle special characters.

Author: aboks

src/ComposerPlugin.php

@@ -210,7 +210,7 @@ private function runCaptainCommand(string $command): void
         $configuration  = ' -c ' . escapeshellarg($this->configuration);
         $repository     = $command === self::COMMAND_INSTALL ? ' -g ' . escapeshellarg($this->gitDirectory) : '';
         $skip           = $command === self::COMMAND_INSTALL ? ' -s' : '';
-        $executable     = str_replace(' ', '\\ ', $this->executable);
+        $executable     = escapeshellarg($this->executable);
 
         // sub process settings
         $cmd   = $executable . ' ' . $command . $ansi . $interaction . $skip . $configuration . $repository;