Prevent CSV injection in address export #667

Open
darshan-Jahagirdar wants to merge 4 commits into ryanhowdy:master from darshan-Jahagirdar:codex/csv-injection-address-export

darshan-Jahagirdar commented May 12, 2026

Fixes #539.

This hardens address book CSV export against spreadsheet formula injection by prefixing exported cells that begin with formula trigger characters (=, +, -, @, including after leading whitespace) with a single quote before writing the export through fputcsv().

Bounty: targets the $15 Bountysource bounty linked from #539.

Verification:

  • D:\income-bounty-work\tools\php-8.4.21\php.exe -l familyconnections\addressbook.php
  • D:\income-bounty-work\tools\php-8.4.21\php.exe -l familyconnections\inc\utils.php
  • Direct cleanCsvField PHP checks for =, +, -, @, leading-whitespace formula prefixes, and normal text passed.
  • git diff --check passed before commit.

Note: I could not run the legacy Test-More test harness on this Windows/PHP 8.4 setup because the bundled tests/lib/test-more.php uses $this as a function parameter, which PHP 8 rejects before tests can run.
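
The neutralization described in the pull request above, as an added example that is not part of the original post and is not the PR's own `cleanCsvField()` code. The function names `neutralizeFormulaCell` and `writeSafeCsv` and the sample rows are hypothetical.

```php
<?php
// Added example: a sketch of the described behaviour, not the PR's cleanCsvField().

/**
 * Return the cell prefixed with a single quote when its first
 * non-whitespace character is a formula trigger (=, +, -, @).
 */
function neutralizeFormulaCell($value): string
{
    $text = (string) $value;
    // ltrim() without a mask strips space, \t, \n, \r, \0 and \x0B.
    $trimmed = ltrim($text);
    if ($trimmed !== '' && strpos('=+-@', $trimmed[0]) !== false) {
        return "'" . $text;
    }
    return $text;
}

/** Write rows to a stream with fputcsv(), neutralizing every cell first. */
function writeSafeCsv($stream, array $rows): void
{
    foreach ($rows as $row) {
        $safe = array_map('neutralizeFormulaCell', $row);
        // Separator, enclosure and escape are passed explicitly so the call
        // does not depend on PHP's default escape character.
        fputcsv($stream, $safe, ',', '"', '\\');
    }
}

// Constructed sample rows (not data from the project).
$rows = [
    ['Last name', 'First name', 'Email', 'Phone'],
    ['Smith', 'Ann', 'ann@example.com', '555-0100'],   // unchanged
    ['=1+1', 'Bob', '@example', '+1 555 0101'],         // three cells prefixed
    ["  -2+3", "\t=A1", 'carol@example.com', ''],       // leading whitespace
];

$out = fopen('php://memory', 'w+');
writeSafeCsv($out, $rows);
rewind($out);
echo stream_get_contents($out);
fclose($out);
```

Legitimate values that start with a trigger character, such as a phone number written `+1 555 0101`, are prefixed as well, so anything that re-imports the export has to expect the leading quote.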

codacy-production Bot commented May 12, 2026

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

🟢 Metrics 663 complexity · 0 duplication

Metric Results
Complexity 663
Duplication 0

Development

Successfully merging this pull request may close these issues.

CSV Injection [$15]
