lualoader: Use cli_execute_unparsed instead of loader.interpret

loader.interpret should not be used for executing loader commands from an
untrusted source (e.g. environment vars) as it will allow execution of
arbitrary Lua. Replace it with a call to the recently introduced
cli_execute_unparsed, which parses it out as a loader command and then
dispatches it as a loader command. This effectively filters out arbitrary
Lua.

stand/lua/menu.lua

@@ -450,7 +450,7 @@ function menu.autoboot()
 	until time <= 0
 
 	local cmd = loader.getenv("menu_timeout_command") or "boot"
-	loader.interpret(cmd)
+	cli_execute_unparsed(cmd)
 end
 
 return menu