Make scripts/diff-filter.pl portable to macOS

[tautschnig]

This change impact analysis helper used sed in ways not portable to macOS.

• Each commit message has a non-empty body, explaining why the change was made.
• n/a Methods or procedures I have added are documented, following the guidelines provided in CODING_STANDARD.md.
• n/a The feature or user visible behaviour I have added or modified has been documented in the User Guide in doc/cprover-manual/
• Regression or unit tests are included, or existing tests cover the modified code (in this case I have detailed which ones those are in the commit message).
• n/a My commit message includes data points confirming performance improvements (if claimed).
• My PR is restricted to a single feature or bugfix.
• n/a White-space or formatting changes outside the feature-related changed lines are in commits of their own.

[Copilot]

Pull request overview

This pull request fixes a macOS portability issue in the diff-filter.pl script by modifying the sed -i command to work on both GNU and BSD (macOS) sed implementations.

Changes:

• Modified sed -i to sed -i.bak with explicit backup extension for macOS compatibility
• Added cleanup step to remove the temporary backup file after editing

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

[Copilot]

The backtick-executed sed command interpolates $f_edit directly into a shell command without quoting or escaping, which allows shell metacharacters in file names from the goto-diff output to break out of the sed invocation and run arbitrary commands. An attacker controlling a file path in the diff (for example via a repository with crafted file names) can trigger command execution when this script is run. Use a safer invocation that avoids the shell (such as Perl’s system in list form or a pure-Perl edit) or ensure $f_edit is safely quoted/escaped so that any metacharacters are treated as literal path characters, not shell syntax.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 80.00%. Comparing base (15eb10a) to head (ef60854).

Additional details and impacted files

@@           Coverage Diff            @@
##           develop    #8839   +/-   ##
========================================
  Coverage    80.00%   80.00%           
========================================
  Files         1700     1700           
  Lines       188252   188252           
  Branches        73       73           
========================================
+ Hits        150613   150616    +3     
+ Misses       37639    37636    -3     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.