Potential fix for code scanning alert no. 6: Incomplete string escaping or encoding

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: bmhughes

libraries/sql/role.rb

@@ -68,9 +68,9 @@ def escape_password_for_sql(password)
           # SCRAM-SHA-256 passwords contain $ characters that can be interpreted
           # by shell or string processing. Escape them to prevent mangling.
           if password.start_with?('SCRAM-SHA-256')
-            password.gsub('\\', '\\\\\\\\').gsub('$', '\\$')
+            password.gsub('\\', '\\\\\\\\').gsub("'", "''").gsub('$', '\\$')
           else
-            password
+            password.gsub("'", "''")
           end
         end