fix: potentially unsafe quoting (#913)

CodeQL always complained about this code and Copilot had a suggestion which solves it even though it wasn't really a problem in practice.

Signed-off-by: Chris Gianelloni <[email protected]>
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: wolf31o2

cbor/value.go

@@ -231,14 +231,15 @@ func generateAstJsonMap[T map[any]any | Map](v T) ([]byte, error) {
 		if err != nil {
 			return nil, err
 		}
-		// NOTE: Github CodeQL hates this due to "potentially unsafe quoting", but it
-		// won't happen in practice since both values injected are auto-generated
-		tmpJson := fmt.Sprintf(
-			`{"k":%s,"v":%s}`,
-			keyAstJson,
-			valAstJson,
-		)
-		tmpItems = append(tmpItems, tmpJson)
+		tmpJsonMap := map[string]json.RawMessage{
+			"k": keyAstJson,
+			"v": valAstJson,
+		}
+		tmpJson, err := json.Marshal(tmpJsonMap)
+		if err != nil {
+			return nil, err
+		}
+		tmpItems = append(tmpItems, string(tmpJson))
 	}
 	// We naively sort the rendered map items to give consistent ordering
 	sort.Strings(tmpItems)