QueueEntry tab delimiter collides with test names containing literal tabs #379

@ianks

Bug

QueueEntry uses \t (tab) as the delimiter between test_id and file_path in queue entries:

DELIMITER = "\t"

def self.format(test_id, file_path)
  "#{test_id}#{DELIMITER}#{file_path}"
end

def self.parse(entry)
  test_id, file_path = entry.split(DELIMITER, 2)
  ...
end

When a test name contains a literal tab character, parse splits on the wrong tab and produces a garbage file path. The LazyEntryResolver then tries to require that path, causing a FileLoadError.

Reproduction

A test that dynamically defines methods from XSS payloads could contain a literal tab:

%(<IMG SRC="jav\tascript:alert('XSS');">)
# produces method: test_should_not_fall_for_xss_image_hack_<IMG SRC="jav[TAB]ascript:alert('XSS');">

The queue entry becomes:

TestClass#test_..._"jav[TAB]ascript:alert('XSS');">[TAB]test/unit/.../file.rb

parse splits on the first tab (inside the test name), so:

  • test_id = TestClass#test_..._"jav (truncated)
  • file_path = ascript:alert('XSS');">[TAB]test/unit/.../file.rb (garbage)

Error:

CI::Queue::FileLoadError: Failed to load ascript:alert('XSS');">    /app/.../safe_list_sanitizer_test.rb

Introduced in #375.
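
An added example, not part of the original issue and not the project's fix: it reproduces the split described above and compares it with a JSON-array encoding that escapes control characters. The module names, the `round_trips?` helper, and the sample test id and path are hypothetical and constructed for illustration.

```ruby
require "json"

# Tab-delimited entry as described in the issue (reconstructed for illustration).
module TabEntry
  DELIMITER = "\t"

  def self.format(test_id, file_path)
    "#{test_id}#{DELIMITER}#{file_path}"
  end

  def self.parse(entry)
    entry.split(DELIMITER, 2)
  end
end

# Hypothetical alternative: JSON array encoding. Control characters are escaped,
# so no byte in either field can be mistaken for a separator.
module JsonEntry
  def self.format(test_id, file_path)
    JSON.generate([test_id, file_path])
  end

  def self.parse(entry)
    fields = JSON.parse(entry)
    unless fields.is_a?(Array) && fields.size == 2 && fields.all?(String)
      raise ArgumentError, "malformed queue entry"
    end
    fields
  end
end

# True when parse(format(...)) returns exactly the fields that went in.
def round_trips?(codec, test_id, file_path)
  codec.parse(codec.format(test_id, file_path)) == [test_id, file_path]
end

# Constructed sample values modelled on the reproduction above.
TEST_ID = "SanitizerTest#test_xss_<IMG SRC=\"jav\tascript:alert('XSS');\">"
FILE_PATH = "test/unit/sanitizer_test.rb"

if __FILE__ == $PROGRAM_NAME
  p TabEntry.parse(TabEntry.format(TEST_ID, FILE_PATH)) # second field is garbage
  p round_trips?(TabEntry, TEST_ID, FILE_PATH)
  p round_trips?(JsonEntry, TEST_ID, FILE_PATH)
end
```

A round-trip check like `round_trips?` can also run as a regression test over test names containing tabs, newlines and quotes, whichever encoding is chosen.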
