Abusing VS Code’s Bootstrapping Functionality To Quietly Load Malicious Extensions