[oss-security] shell wildcard expansion (un)safety

https://seclists.org/oss-sec/2024/q4/56

@buherator Oh I have a draft about argument injections in bash sitting in my laptop for a looong time, it’s time to publish it!

Definitely not a shell issue, but always fun to see that the end of options switch shouldn’t be taken as granted because it’s not always implemented (find, git, etc) or bogus (mercurial).