isISO6346 and isFreightContainerID accept malformed strings #2772

@Noethix55555

isISO6346 (and its alias isFreightContainerID) accepts strings with arbitrary leading or trailing characters, and accepts a literal comma.

The validation regex in src/lib/isISO6346.js is:

const isISO6346Str = /^[A-Z]{3}(U[0-9]{7})|([J,Z][0-9]{6,7})$/;

The alternation is not grouped, so ^ anchors only the first branch and $ only the second:

  • ^[A-Z]{3}(U[0-9]{7}) matches anything starting with the owner prefix, U and 7 digits, ignoring trailing characters.
  • ([J,Z][0-9]{6,7})$ matches anything ending with J/Z and 6-7 digits, ignoring the leading owner prefix.

[J,Z] is also a character class containing a literal comma. Inputs whose length is not 11 skip the checksum and return true, so malformed strings pass.

Reproduction:

const validator = require('validator');
validator.isISO6346('ABCU1234567HELLO'); // true, expected false
validator.isISO6346('CSQU3054383XXX');   // true, expected false (CSQU3054383 is valid, with trailing junk)
validator.isISO6346('hellozZ123456');    // true, expected false
validator.isISO6346('AB,123456');        // true, expected false (literal comma)

Fix: group the alternation inside the anchors and drop the comma, /^[A-Z]{3}(U[0-9]{7}|[JZ][0-9]{6,7})$/. This keeps every existing valid and invalid fixture correct and rejects the cases above. PR follows.
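A regression check for the anchoring problem described in this issue, added here as an example (not code from the issue or from validator.js). The two patterns and `CSQU3054383` come from the issue; `accepts` is a simplified model of the flow the issue describes, and `anchorEscapes`, the junk list and the fixture `ABCZ1234564` are constructed for illustration.

```javascript
// Patterns quoted in the issue: the shipped one and the proposed fix.
const BUGGY = /^[A-Z]{3}(U[0-9]{7})|([J,Z][0-9]{6,7})$/;
const FIXED = /^[A-Z]{3}(U[0-9]{7}|[JZ][0-9]{6,7})$/;

// ISO 6346 letter values: A=10 upward, skipping multiples of 11.
const LETTER_VALUE = {};
for (let v = 10, c = 65; c <= 90; c++, v++) {
  if (v % 11 === 0) v++;
  LETTER_VALUE[String.fromCharCode(c)] = v;
}

// Check digit over the first 10 characters: sum(value * 2^i) mod 11, 10 -> 0.
function checkDigit(id) {
  let sum = 0;
  for (let i = 0; i < 10; i++) {
    sum += (LETTER_VALUE[id[i]] ?? Number(id[i])) * 2 ** i;
  }
  return (sum % 11) % 10;
}

// Simplified model of the flow the issue describes: regex gate first,
// checksum only for 11-character input, everything else returns true.
function accepts(pattern, input) {
  if (!pattern.test(input)) return false;
  if (input.length !== 11) return true;
  return checkDigit(input) === Number(input[10]);
}

// Wrap each known-valid ID in junk; anything still accepted escaped an anchor.
function anchorEscapes(pattern, validIds, junk = ['XXX', 'hello', ',', ' ', '\n']) {
  const escaped = [];
  for (const id of validIds) {
    if (!accepts(pattern, id)) throw new Error(`fixture rejected: ${id}`);
    for (const j of junk) {
      for (const candidate of [id + j, j + id]) {
        if (accepts(pattern, candidate)) escaped.push(candidate);
      }
    }
  }
  return escaped;
}

// CSQU3054383 is from the issue; ABCZ1234564 is a constructed Z-category sample.
const FIXTURES = ['CSQU3054383', 'ABCZ1234564'];
console.log('buggy:', anchorEscapes(BUGGY, FIXTURES));
console.log('fixed:', anchorEscapes(FIXED, FIXTURES));
```

With the ungrouped pattern, the U-category fixture escapes through every suffix and the Z-category fixture through every prefix, which matches the two half-anchored branches the issue describes.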
