JavaScript API argument injection fixed; auth token no longer sent to object storage

Fixes

• (snapshots) Stop sending Sentry auth token to Objectstore (#3286)
• (js) Fix argument injection in JavaScript API's serializeOptions. String/number options now validate input types and prevent Array.prototype.concat() from flattening array values into separate CLI arguments. (#3287)