extension_api.json is not sanitized #1536

Open
OffsetMOSFET opened this issue Jul 26, 2024 · 2 comments
Labels: enhancement (This is an enhancement on the current functionality)

Comments

@OffsetMOSFET

Godot version

4.2.2

godot-cpp version

4.2.2

System information

Ubuntu 22.04.4 LTS 64-bit

Issue description

When using a custom api file via extension_api.json, the field arguments/name for each method is used directly. I have a custom module, and I happened to use spaces, parentheses, and brackets to describe the inputs of my functions. i.e.

ClassDB::bind_method(D_METHOD("example_function", "input (1)"), &Foo::example_function);

This does not create issues when compiling Godot. However, when compiling godot_cpp, it creates malformed function definitions:

void example_function(int input (1));

While this is a fixable issue for me, there is a (very circumstantial) way to use this for code injection if the module came from a second party.

Steps to reproduce

Compile godot with modules with malformed input descriptions. Create and move the custom.api. Compile the GDExtension Project.

Minimal reproduction project

N/A

@AThousandShips
Member

AThousandShips commented Jul 26, 2024

This belongs in the main repo as it's related to generation, please open one here (No need)

This should be simple to fix by adding checks to the unit tests. Will write a check for argument names for the unit tests, and module makers can then use that for validation.

Writing up a test addition

AThousandShips added the enhancement label Jul 26, 2024
@AThousandShips
Member

Added a unit test for coverage:

See there for more. We could add a validation step to the API dump, but it'd be far more involved as we'd need to add other validations, but that would just duplicate the unit tests.
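A pre-build check for the problem reported in this issue, as an added example that is not part of the original thread and is not Godot or godot-cpp code: it walks a parsed extension_api.json and reports every arguments/name value that is not a plain C++ identifier, so a custom API file can be rejected before bindings are generated from it. The sample JSON is constructed, its classes/methods layout is an assumption, and `find_bad_argument_names` is a hypothetical name.

```python
import json
import re
import sys

# A plain C/C++ identifier: the only shape safe to paste into a generated header.
IDENTIFIER = re.compile(r"[A-Za-z_][A-Za-z0-9_]*")

# Constructed sample (assumed layout), using the argument name from the report.
SAMPLE_API = json.loads("""
{"classes": [{"name": "Foo", "methods": [
  {"name": "example_function",
   "arguments": [{"name": "input (1)", "type": "int"}]},
  {"name": "other_function",
   "arguments": [{"name": "p_count", "type": "int"},
                 {"name": "values [2]", "type": "int"}]}
]}]}
""")


def find_bad_argument_names(node, path="$"):
    """Yield (json_path, name) for every entry of any "arguments" list
    whose "name" is missing or is not a plain identifier."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "arguments" and isinstance(value, list):
                for i, arg in enumerate(value):
                    name = arg.get("name") if isinstance(arg, dict) else None
                    if not isinstance(name, str) or not IDENTIFIER.fullmatch(name):
                        yield f"{child}[{i}].name", name
            else:
                yield from find_bad_argument_names(value, child)
    elif isinstance(node, list):
        for i, item in enumerate(node):
            yield from find_bad_argument_names(item, f"{path}[{i}]")


if __name__ == "__main__":
    # Pass the path to an extension_api.json, or run without arguments for the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8") as fh:
            api = json.load(fh)
    else:
        api = SAMPLE_API
    bad = list(find_bad_argument_names(api))
    for where, name in bad:
        print(f"{where}: {name!r} is not a valid C++ identifier")
    sys.exit(1 if bad else 0)
```

The check does not look at C++ reserved words; it only rejects names that could not be a single identifier token.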
