
Author sebres
Recipients paul.moore, sebres, steve.dower, tim.golden, zach.ware
Date 2018-08-24.19:44:09
Message-id <1535139850.17.0.56676864532.issue34489@psf.upfronthosting.co.za>
Content
There is a vulnerability, "insufficient escape of special chars for quoting of arguments by exec process", in the Python language when executing Windows batch files (bat/cmd).

### What version of python is affected?
All

### Does this issue reproduce with the latest master?
Yes

### What did you do?
Execution of a batch file using the `subprocess` module with arguments containing some special meta-characters.

A recipe for reproducing the error, as well as a more extensive PoC with additional info (and other affected languages as well):
- https://github.com/sebres/PoC/blob/master/SB-0D-001-win-exec/README.md
A complete runnable program:
- https://github.com/sebres/PoC/blob/master/SB-0D-001-win-exec/test-dump-inv.py

#### A simple example:
```diff
 # invoke exe-file:
 >>> import subprocess
 >>> subprocess.call(['test-dump.exe', 'test&whoami'])
+    `test-dump.exe´ `test&whoami´
 # invoke cmd-file:
 >>> subprocess.call(['test-dump.CMD', 'test&whoami'])
-    `test-dump.exe´ `test´my_domain\sebres
```
For more "broken" cases, see the result of my test-suite:
- https://github.com/sebres/PoC/blob/master/SB-0D-001-win-exec/results/python.diff

### What did you expect to see?
Arguments are escaped/quoted properly.

### What did you see instead?
Arguments are insufficiently escaped/quoted, so it is currently vulnerable.

### Solution:

For a possible solution, see GitHub PR #8906:
- https://github.com/python/cpython/pull/8906
For algorithm description:
- https://github.com/sebres/PoC/blob/master/SB-0D-001-win-exec/SOLUTION.md
resp. how it was fixed in TCL (C-code):
- https://core.tcl-lang.org/tcl/vdiff?from=core-8-5-branch&to=0-day-21b0629c81 (see the function `BuildCommandLine`)

### Possible similar issues:
bpo-33515
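
The report above can be checked from the caller's side with the following added example, which is not part of the original message or of the CPython PR: it shows the command line `subprocess.list2cmdline` builds for the reported argument and refuses such arguments when the target is a batch file. The names `CMD_META`, `unsafe_args` and `checked_cmdline` are hypothetical, and the metacharacter set is a conservative assumption; the example rejects arguments rather than implementing the escaping described in SOLUTION.md.

```python
import ntpath
import subprocess

# Characters cmd.exe interprets specially. Conservative set chosen for this
# example (an assumption, not taken from the report).
CMD_META = set('&|<>^%!"()\r\n')
BATCH_EXTS = {".bat", ".cmd"}


def is_batch_target(program):
    """True if the program name ends in a batch-file extension.
    ntpath is used so the check follows Windows path rules on any host."""
    return ntpath.splitext(program)[1].lower() in BATCH_EXTS


def unsafe_args(argv):
    """Return the arguments that contain cmd.exe metacharacters when
    argv[0] is a batch file; return an empty list otherwise."""
    if not argv or not is_batch_target(argv[0]):
        return []
    return [arg for arg in argv[1:] if CMD_META & set(arg)]


def checked_cmdline(argv):
    """Build the Windows command line for argv, refusing arguments that
    cmd.exe would reinterpret when a batch file is the target."""
    bad = unsafe_args(argv)
    if bad:
        raise ValueError("cmd.exe metacharacters in batch arguments: %r" % bad)
    return subprocess.list2cmdline(argv)


if __name__ == "__main__":
    # Constructed sample inputs, taken from the example in the report.
    reported = ["test-dump.CMD", "test&whoami"]
    # list2cmdline quotes only on space, tab or empty string, so '&'
    # reaches cmd.exe unquoted.
    print(subprocess.list2cmdline(reported))
    print(unsafe_args(reported))
    print(unsafe_args(["test-dump.exe", "test&whoami"]))
    try:
        checked_cmdline(reported)
    except ValueError as exc:
        print("rejected:", exc)
```

The check only covers targets named with an explicit `.bat` or `.cmd` extension; a batch file reached indirectly, for example through another script, is outside what it can see.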