@jorgemoralespou
Collaborator

Fixes #837

@jorgemoralespou
Collaborator Author

Adding some context from the Slack thread linked in the issue:

From @GrahamDumpleton

I can’t easily reply right now as only have phone and bad internet but this code must be seen in context. That endpoint can only be executed if the user is authenticated against the session, and if they already have access to the session then they have access via their browser to a full shell terminal embedded in their browser anyway, to the container where they can run any command they want. This is the whole point of the session, to provide access to the container to run commands. If ability to run commands was blocked then there is no point to the whole training system. The important thing to understand is the container they can access is isolated and ephemeral. So they can't get out of the container and it is designed as a sandbox where they can do stuff needed for the training session. They don't have access to root, only a normal user of the ephemeral container and can't access the actual Kubernetes nodes themselves.
So there may be perhaps a better way in that code you highlight to execute a sub process such that args are packaged properly for the process, but it is moot in context that the user has access to a full shell terminal anyway.
I am mostly offline at the moment but Jorge can probably talk to you more about it and explain it.
Also, that specific code would only be accessible if someone had enabled the examiner. So not accessible by default. But as said, if terminal is enabled they have shell access anyway.

Also:

All possible checking we can do here are somehow fruitless since one had shell access anyway, and we remediate by hardening the session image and session environment
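
As an illustration of the remark quoted above about executing a subprocess "such that args are packaged properly", the following is an added example, not the project's code and not part of the original conversation. `TESTS_DIR`, `resolveTest`, `runWithArgv` and `echoArgv` are hypothetical names, and the fixed tests directory is an assumption.

```javascript
// Added example: hypothetical helpers, not taken from the project's examiner code.
const { spawnSync } = require("child_process");
const path = require("path");

// Assumption: test scripts live in one fixed directory and are addressed by bare name.
const TESTS_DIR = "/opt/workshop/examiner/tests"; // constructed path

// Map a client-supplied test name to a path directly inside TESTS_DIR, or throw.
function resolveTest(name) {
  // Bare file names only: no separators, no leading dot, no shell metacharacters.
  if (typeof name !== "string" || !/^[A-Za-z0-9][A-Za-z0-9._-]*$/.test(name)) {
    throw new Error("invalid test name");
  }
  const full = path.resolve(TESTS_DIR, name);
  // Second check, independent of the pattern above: the parent must be TESTS_DIR.
  if (path.dirname(full) !== TESTS_DIR) throw new Error("outside tests dir");
  return full;
}

// Run a program with its arguments passed as an argv array and no shell,
// so quotes, spaces, ';' and '$(...)' reach the child as literal bytes.
function runWithArgv(program, args, timeoutMs = 5000) {
  if (!Array.isArray(args) || !args.every((a) => typeof a === "string")) {
    throw new Error("args must be an array of strings");
  }
  const r = spawnSync(program, args, {
    shell: false, // the default, stated explicitly
    timeout: timeoutMs, // bound how long a test may run
    encoding: "utf8",
  });
  if (r.error) throw r.error;
  return { status: r.status, stdout: r.stdout };
}

// Demonstration: a child Node process echoes back the argv it received as JSON.
function echoArgv(args) {
  const child = "console.log(JSON.stringify(process.argv.slice(1)))";
  const r = runWithArgv(process.execPath, ["-e", child, "--", ...args]);
  return JSON.parse(r.stdout);
}
```
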

Development

Successfully merging this pull request may close these issues.

child_process.spawn in examiner could potentially be an attack vector
