fix(postgres): prevent SQL injection via backticks in database names

Add validation to reject database names containing backtick characters
which could be used for SQL injection attacks in PostgreSQL connections.

Co-authored-by: Anguel <modelorona@users.noreply.github.com>

Author: claude[bot]

core/src/plugins/postgres/db.go

@@ -55,6 +55,11 @@ func validateDatabase(database string) error {
 		return fmt.Errorf("invalid database name: contains path traversal pattern")
 	}
 
+	// Check for backticks that could enable SQL injection
+	if strings.Contains(database, "`") {
+		return fmt.Errorf("invalid database name: contains backtick character")
+	}
+	
 	// Check for other URL-encoded characters that could be problematic
 	problematicEncoded := []string{"%00", "%20", "%22", "%27", "%3B", "%3C", "%3E"}
 	for _, encoded := range problematicEncoded {