Fix SQL injection in SQL Agent plugin via parameterized queries

Replace string concatenation with parameterized queries in all database
connectors to prevent SQL injection through LLM-generated table names.

Changes:
- PostgreSQL: Use $1, $2 placeholders with pg client parameterization
- MySQL: Use ? placeholders with mysql2 execute() prepared statements
- MSSQL: Use @p0 placeholders with request.input() parameterization
- Update handlers to support parameterized query objects
- Add formatQueryForDisplay() for logging parameterized queries

Security: Mitigates potential SQL injection when LLM passes unsanitized
user input as table_name parameter to getTableSchemaSql/getTablesSql.
GHSA-jwjx-mw2p-5wc7

server/utils/agents/aibitat/plugins/sql-agent/SQLConnectors/MSSQL.js

@@ -62,14 +62,19 @@ class MSSQLConnector {
   /**
    *
    * @param {string} queryString the SQL query to be run
+   * @param {Array} params optional parameters for prepared statement
    * @returns {Promise<import(".").QueryResult>}
    */
-  async runQuery(queryString = "") {
+  async runQuery(queryString = "", params = []) {
     const result = { rows: [], count: 0, error: null };
     try {
       if (!this.#connected) await this.connect();
 
-      const query = await this._client.query(queryString);
+      const request = this._client.request();
+      params.forEach((value, index) => {
+        request.input(`p${index}`, value);
+      });
+      const query = await request.query(queryString);
       result.rows = query.recordset;
       result.count = query.rowsAffected.reduce((sum, a) => sum + a, 0);
     } catch (err) {
@@ -99,7 +104,10 @@ class MSSQLConnector {
   }
 
   getTableSchemaSql(table_name) {
-    return `SELECT COLUMN_NAME,COLUMN_DEFAULT,IS_NULLABLE,DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME='${table_name}'`;
+    return {
+      query: `SELECT COLUMN_NAME, COLUMN_DEFAULT, IS_NULLABLE, DATA_TYPE FROM INFORMATION_SCHEMA.COLUMNS WHERE TABLE_NAME = @p0`,
+      params: [table_name],
+    };
   }
 }