Open
Description
The execFile and spawn functions accept a shell option to run a command through a shell. Setting this option to true means that arguments are no longer preserved as separate words, yet these functions still accept an array of arguments, giving the false impression that some isolation or escaping is applied when, behind the scenes, the arguments are simply concatenated into a single command string. This makes it trivial to introduce bugs and security issues, and the behavior is also not aligned with exec, which only accepts a single command string that is passed to the shell. To make this point clearer, invocations like the following are currently accepted, which should not be the case:

```js
execFileSync('echo "hello', ['world"'], { shell: true }).toString()
```