fix: prevent SQL injection with parameterized queries (fixes #4169)
- voter.service.ts: Convert stakeKey from string interpolation to $1 parameterized query, add hex validation - drep.service.ts: Convert search query from single-quote doubling to proper parameterized queries, escape array interpolations - getDReps.ts: Add queryParams parameter to support parameterized search - Add unit tests proving injection payloads are rejected/parameterized Closes IntersectMBO/govtool#4169