perf: vectorize ASCII control/whitespace scan in ExecEnvSanitizer.IsBlocked

Replace the per-character IsControl/IsWhiteSpace loop with:
1. span.IndexOfAnyInRange('\x00', '\x20') — a single vectorized (SIMD)
   pass that detects all ASCII control chars (0x01–0x1F) and space (0x20).
2. span.IndexOf('\x7F') — catches DEL, which lies outside the range above.
3. A short fallback loop restricted to chars > 0x7F — non-ASCII
   control/whitespace (rare; env var names are almost always ASCII).

The original three-case vectorized IndexOfAny(['=','\0','\r','\n']) is
kept as-is; the new range scan replaces only the subsequent foreach loop.

IsBlocked is called on every environment variable supplied with a
system.run command, so the hot path (ASCII-only names that clear all
checks) now runs in O(n/SIMD_width) instead of O(n * 2 calls/char).

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>

src/OpenClaw.Shared/ExecEnvSanitizer.cs

@@ -90,9 +90,20 @@ internal static class ExecEnvSanitizer
         if (name.IndexOfAny(['=', '\0', '\r', '\n']) >= 0)
             return true;
 
-        foreach (var c in name)
+        // Vectorized scan: any char in [0x00, 0x20] covers all ASCII control characters
+        // (0x01–0x1F) plus space (0x20) in a single SIMD pass — the common fast path for
+        // the ASCII-only names that make up virtually all environment variable keys.
+        var span = name.AsSpan();
+        if (span.IndexOfAnyInRange('\x00', '\x20') >= 0)
+            return true;
+        // DEL (0x7F) — control char outside the range above.
+        if (span.IndexOf('\x7F') >= 0)
+            return true;
+        // Non-ASCII Unicode control / whitespace (rare; UTF-8 env var names are uncommon).
+        for (var i = 0; i < name.Length; i++)
         {
-            if (char.IsControl(c) || char.IsWhiteSpace(c))
+            var c = name[i];
+            if (c > '\x7F' && (char.IsControl(c) || char.IsWhiteSpace(c)))
                 return true;
         }