MSTeams: fix regex injection in mention name formatting

Escape regex metacharacters in display names before constructing RegExp
to prevent runtime errors or unintended matches when names contain special
characters like (, ), ., +, ?, [, etc.

Add test coverage for names with regex metacharacters.

extensions/msteams/src/mentions.test.ts

@@ -208,4 +208,16 @@ describe("formatMentionText", () => {
 
     expect(result).toBe("Hello world");
   });
+
+  it("escapes regex metacharacters in names", () => {
+    const text = "Hey @John(Test) and @Alice.Smith";
+    const mentions = [
+      { id: "28:xxx", name: "John(Test)" },
+      { id: "28:yyy", name: "Alice.Smith" },
+    ];
+
+    const result = formatMentionText(text, mentions);
+
+    expect(result).toBe("Hey <at>John(Test)</at> and <at>Alice.Smith</at>");
+  });
 });

extensions/msteams/src/mentions.ts

@@ -106,7 +106,8 @@ export function formatMentionText(text: string, mentions: MentionInfo[]): string
   let formatted = text;
   for (const mention of mentions) {
     // Replace @Name or @name with <at>Name</at>
-    const namePattern = new RegExp(`@${mention.name}`, "gi");
+    const escapedName = mention.name.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
+    const namePattern = new RegExp(`@${escapedName}`, "gi");
     formatted = formatted.replace(namePattern, `<at>${mention.name}</at>`);
   }
   return formatted;