fix(utils): resolve command injection vulnerability in emptyFolder (3.x)

[mhassan1]

Motivation/Description of the PR

This PR resolves a command injection vulnerability in the emptyFolder utility (on the 3.x branch); see GHSA-34w8-mcwr-vg29.

Applicable helpers:

• Playwright
• Puppeteer
• WebDriver
• REST
• FileHelper
• Appium
• TestCafe

Applicable plugins:

• allure
• autoDelay
• autoLogin
• customLocator
• pauseOnFail
• coverage
• retryFailedStep
• screenshotOnFail
• selenoid
• stepByStepReport
• stepTimeout
• wdio
• subtitles

Type of change

• 🔥 Breaking changes
• 🚀 New functionality
• 🐛 Bug fix
• 🧹 Chore
• 📋 Documentation changes/updates
• ♨️ Hot fix
• 🔨 Markdown files fix - not related to source code
• 💅 Polish code

Checklist:

• Tests have been added
• Documentation has been added (Run npm run docs)
• Lint checking (Run npm run lint)
• Local tests are passed (Run npm test)

[Copilot]

Pull Request Overview

This PR fixes a critical command injection vulnerability in the emptyFolder utility function by replacing the unsafe shell command execution with safe Node.js filesystem operations.

• Replaces child_process.execSync with shell command concatenation with native fs operations
• Adds safety check for non-existent directories
• Changes from async to synchronous function signature

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}

[thomashohn]

@kobenguyent Could you re-trigger a build and merge it if ok?