fix(writers/python): prevent code injection via x-ms-enum description

[MIchaelMainer]

Fixes a code injection vulnerability in the Python writer where malicious x-ms-enum description fields containing newline characters could break out of
inline comments (# ...) or docstrings and inject arbitrary Python code into generated output.

Changes

• PythonConventionService.RemoveInvalidDescriptionCharacters: Added newline stripping (\r\n, \r, \n → space) before the existing backslash and
  triple-quote replacements.
• CodeEnumWriterTests: Added two regression tests verifying hostile payloads with newlines and triple-quotes are properly neutralized.

Root Cause

The RemoveInvalidDescriptionCharacters method only handled backslash and triple-quote escaping but did not strip newline characters. Since Python
inline comments are single-line (# ...), an embedded newline would terminate the comment and allow subsequent text to execute as Python code.

Security Impact

A malicious OpenAPI specification could inject arbitrary Python code into generated SDK clients via the x-ms-enum extension's description field.

[baywet]

@MIchaelMainer some unit tests are failing. Could be transient.
Also do we have exposure in other languages?
Also, it'd be good to update the agent /copilot instructions to be on the look out for these kind of instances, I'm not sure why it didn't flag it in the initial fixes.

[baywet]

sorry, what I meant was to amend this one.

https://github.com/microsoft/kiota/blob/main/.github/instructions/writer-literal-security.instructions.md

that one

https://github.com/microsoft/kiota/blob/main/.github/skills/codegen-literal-security-scan/SKILL.md

this one

https://github.com/microsoft/kiota/blob/main/.github/agents/codegen-security-guardian.agent.md

And I think the reason why they didn't get looped in is because we don't have .github/copilot-instructions.md on this repository. (contrary to other repositories I work on)