fix: harden update checker (sanitize tag, add HTTP timeout) (#29)

* fix: prevent command injection in update info display

- Sanitize tag input to allow only alphanumeric, '.', '-', '_' characters.
- Use sanitized tag in the installation command output.

Signed-off-by: staryxchen <staryxchen@tencent.com>

* refactor(update_checker): add timeout settings to HTTP client

- Set connect_timeout and timeout for improved request reliability

Signed-off-by: staryxchen <staryxchen@tencent.com>

* build: bump version to 0.7.2

- Update version in Cargo.toml to 0.7.2
- Update installation commands in README files to v0.7.2

Signed-off-by: staryxchen <staryxchen@tencent.com>

---------

Signed-off-by: staryxchen <staryxchen@tencent.com>

Author: staryxchen