security: fix query expansion issues from PR review

- Use MAX_EXPANDED_QUERIES constant in confluence_search.rs instead of hardcoded 3
- Improve escape_wiql() to escape more dangerous characters: ", \, (, ), ~, *, ?, ;, =
- Fix logging to show expanded_query instead of search_url in confluence_search.rs

All tests pass (142/142), cargo fmt and clippy pass.

src-tauri/src/integrations/azuredevops_search.rs

@@ -5,6 +5,15 @@ const MAX_EXPANDED_QUERIES: usize = 3;
 
 fn escape_wiql(s: &str) -> String {
     s.replace('\'', "''")
+        .replace('"', "\\\"")
+        .replace('\\', "\\\\")
+        .replace('(', "\\(")
+        .replace(')', "\\)")
+        .replace('~', "\\~")
+        .replace('*', "\\*")
+        .replace('?', "\\?")
+        .replace(';', "\\;")
+        .replace('=', "\\=")
 }
 
 /// Search Azure DevOps Wiki for content matching the query

src-tauri/src/integrations/confluence_search.rs

@@ -57,7 +57,10 @@ pub async fn search_confluence(
             urlencoding::encode(&safe_query)
         );
 
-        tracing::info!("Searching Confluence with expanded query: {}", search_url);
+        tracing::info!(
+            "Searching Confluence with expanded query: {}",
+            expanded_query
+        );
 
         let resp = client
             .get(&search_url)
@@ -80,7 +83,7 @@ pub async fn search_confluence(
             .map_err(|e| format!("Failed to parse Confluence search response: {e}"))?;
 
         if let Some(results_array) = json["results"].as_array() {
-            for item in results_array.iter().take(3) {
+            for item in results_array.iter().take(MAX_EXPANDED_QUERIES) {
                 let title = item["title"].as_str().unwrap_or("Untitled").to_string();
 
                 let id = item["content"]["id"].as_str();