sort sql injection vulnerability, add gem brakeman

[StlMaris123]

Fixes #1189 (<=== Add issue number here)

• This PR fixes sql injection vulnerability
• Also adds Brakeman to help find more vulnerabilities
• This was the reference used
  Make sure these boxes are checked before your pull request (PR) is ready to be reviewed and merged. Thanks!

• PR is descriptively titled 📑 and links the original issue above 🔗
• tests pass -- look for a green checkbox ✔️ a few minutes after opening your PR -- or run tests locally with rake test
• code is in uniquely-named feature branch and has no merge conflicts 📁
• screenshots/GIFs are attached 📎 in case of UI updation
• ask @publiclab/mapknitter-reviewers for help, in a comment below

We're happy to help you get this ready -- don't be afraid to ask for help, and don't be discouraged if your tests fail at first!

If tests do fail, click on the red X to learn why by reading the logs.

Please be sure you've reviewed our contribution guidelines at https://publiclab.org/contributing-to-public-lab-software

Thanks!

[welcome]

Thanks for opening this pull request! Dangerbot will test out your code and reply in a bit with some pointers and requests.
There may be some errors, but don't worry! We're here to help! 👍🎉😄

[codeclimate]

Code Climate has analyzed commit 8c1d634 and detected 0 issues on this pull request.

View more on Code Climate.

[codecov]

Codecov Report

Merging #1214 into main will decrease coverage by 31.22%.
The diff coverage is 0%.

@@             Coverage Diff             @@
##             main    #1214       +/-   ##
===========================================
- Coverage   73.28%   42.05%   -31.23%     
===========================================
  Files          40       40               
  Lines        1400     1574      +174     
===========================================
- Hits         1026      662      -364     
- Misses        374      912      +538

Impacted Files	Coverage Δ
app/controllers/users_controller.rb	0% <0%> (-94.12%)	⬇️
app/mailers/comment_mailer.rb	0% <0%> (-100%)	⬇️
app/mailers/application_mailer.rb	0% <0%> (-100%)	⬇️
app/controllers/comments_controller.rb	0% <0%> (-100%)	⬇️
app/controllers/feeds_controller.rb	0% <0%> (-100%)	⬇️
app/controllers/utility_controller.rb	0% <0%> (-100%)	⬇️
app/controllers/export_controller.rb	0% <0%> (-90.91%)	⬇️
app/controllers/tags_controller.rb	0% <0%> (-89.66%)	⬇️
app/controllers/images_controller.rb	0% <0%> (-76.55%)	⬇️
... and 9 more

[jywarren]

Ah, could we do sort_column: sort_direction here?

Then, let's rebase and this looks great! Thank you @StlMaris123 !!!

[kaustubh-nair]

Looks great @StlMaris123
But I think brakeman is used only to detect vulnerabilities right?
So it should be better to add this to the development group if it isn't being used in production.

[StlMaris123]

Rebase taking too long to complete, closing this pr and opening another one