
Potential fix for code scanning alert no. 24: Incomplete multi-character sanitization#7

Draft
Tanker187 wants to merge 1 commit into main from alert-autofix-24

Conversation

@Tanker187
Owner

Potential fix for https://github.com/Tanker187/stagehand/security/code-scanning/24

In general, to fix incomplete multi-character sanitization when using regex replacements, you either (1) repeat the replacement until the string stabilizes so that newly introduced matches are also removed, or (2) change strategy (e.g., use a dedicated sanitizer or a different, character-based pattern). Here we want a minimal change that keeps current behavior (removing HTML comments) but ensures no partial <!--/--> sequences remain due to edge cases.

The best targeted fix is to wrap the existing comment-stripping replace call in a small loop that keeps applying the same regex until no further changes occur. This directly follows the pattern in the background example and avoids altering other parts of the function. Concretely, in packages/docs/scripts/sync-sdk-docs.js inside processReadmeContent, replace the single line:

processed = processed.replace(/<!--[\s\S]*?-->/g, '');

with a short block:

{
  let previous;
  do {
    previous = processed;
    processed = processed.replace(/<!--[\s\S]*?-->/g, '');
  } while (processed !== previous);
}

This introduces no new imports or dependencies and preserves existing semantics while ensuring that all occurrences (including those revealed after earlier removals) are stripped before proceeding with further processing.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…ter sanitization

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
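The following is an added illustration of the alert and the proposed fix; it is not code from the stagehand repository or from this PR. It puts the original single-pass `replace` next to the loop-until-stable version from the description and runs both over a constructed input in which stripping an inner comment leaves behind a second, now well-formed `<!-- ... -->` that the single pass never sees. The function names, the sample string and the `demo` helper are assumptions made for the example.

```javascript
// Added example (not the stagehand project's code): single-pass HTML comment
// stripping versus the stabilize-until-unchanged loop proposed in this PR.
const COMMENT_RE = /<!--[\s\S]*?-->/g;

// The original, single-pass behaviour that the code scanning alert flagged.
function stripCommentsOnce(input) {
  return input.replace(COMMENT_RE, '');
}

// The proposed fix: keep applying the same regex until the string stops
// changing. The loop terminates because every pass that changes the string
// removes at least the 7 characters of '<!--' and '-->', so it can run at
// most about length/7 extra passes before reaching a fixpoint.
function stripCommentsToFixpoint(input) {
  let processed = input;
  let previous;
  do {
    previous = processed;
    processed = processed.replace(COMMENT_RE, '');
  } while (processed !== previous);
  return processed;
}

// Constructed sample: removing the inner comment splices '<!-' and '- outer -->'
// into an outer comment that only becomes well-formed after the first pass.
const SAMPLE = '<p>hello</p><!-<!-- inner -->- outer --><p>world</p>';

// Runs both versions over the sample so the difference is visible side by side.
function demo() {
  return {
    once: stripCommentsOnce(SAMPLE),        // '<p>hello</p><!-- outer --><p>world</p>'
    fixpoint: stripCommentsToFixpoint(SAMPLE), // '<p>hello</p><p>world</p>'
  };
}
```

Note what the loop does and does not guarantee: it ensures no complete `<!-- ... -->` sequence survives, including ones revealed by earlier removals, but an unterminated `<!--` with no closing `-->` never matches the regex and is passed through unchanged by both versions, so a caller that needs every comment opener gone still has to handle that case separately.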
Repository owner locked and limited conversation to collaborators Feb 18, 2026