Fix(ts): escape doc comment terminator in generated JSDoc

[Ky0toFu]

Summary

• Escapes the */ terminator in TypeScript doc comments before emitting them into /** ... */ JSDoc blocks.
• Prevents schema doc_comment lines from closing the JSDoc block and injecting top‑level JavaScript into the generated module.

Root cause

• src/idl_gen_ts.cpp::GenDocComment previously wrote " *" + line + "\n" directly into a JSDoc block without escaping */.
• A crafted .fbs doc line such as */console.log('PWNED_TS_RCE_FROM_GENERATED_CODE')/* would:
  • close the JSDoc block (*/),
  • emit console.log(...) as top‑level JS that runs on import/bundling,
  • and reopen a block comment (/*) so the final */ from the generator still parses.

Fix

• For each doc comment line in GenDocComment, copy it into a local safe string and replace all occurrences of */ with *\/ before writing it into the JSDoc block.
• This keeps the emitted code as a standard /** ... */ JSDoc block (so IDE/tooling hover docs still work), but user‑controlled docs can no longer terminate the comment and inject code.

Notes

• The original issue also proposed rendering docs as line comments in TypeScript (// ...) to make early termination impossible by construction.
• Given that many IDEs and the TS language service rely on /** ... */ JSDoc for hover documentation and IntelliSense, this change implements the minimal, backwards‑compatible escape‑based fix first.

Fixes #8725.

[google-cla]

Thanks for your pull request! It looks like this may be your first contribution to a Google open source project. Before we can look at your pull request, you'll need to sign a Contributor License Agreement (CLA).

View this failed invocation of the CLA check for more information.

For the most up to date status, view the checks section at the bottom of the pull request.

[bjornharrtell]

Looks clean to me.