Describe the bug

Filenames can include whitespace, so when word splitting is used erroneous values can be assigned to the script's positional parameters.

A clear and concise description of what the bug is. Include version by typing gh --version.
(installed from dnf:)
gh version 2.27.0 (2023-04-11)
https://github.com/cli/cli/releases/tag/v2.27.0

1. On the command line the script could parse json-file as multiple parameters, while the script doesn't check for the correct number of positional parameters.
2. On lines 5 & 6, the script's positional parameters $1 and $2 are allowed to be the null byte.

Steps to reproduce the behavior

1. Type this '...'
   git clone 'https://github.com/cli/cli'

bug 1:

Note whitespace in the filename.

clear; set -x; f="~/json file"; cat ~/gh_2.4.0_checksums.txt | ./cli-2.27.0/script/scoop-gen v2.4.0 $f; set -

bug 2:

clear
set -x
set --
set -- '' 'foo'
echo "$#"
echo "$@"
printf '%s' "$1" | od -tx1z
printf '%s' "$1" | cat -Aen
echo "${1?}" # tests for variable unset
echo "${1:?}" # tests for variable unset or null
set -

2. View the output '....'

bug 1:

• f='~/json file'
• ./cli-2.27.0/script/scoop-gen v2.4.0 '~/json' file
• cat /home/liveuser/gh_2.4.0_checksums.txt
  ./cli-2.27.0/script/scoop-gen: line 29: /json: No such file or directory
• set -

bug 2:

• set --
• set -- '' foo
• echo 2
  2
• echo '' foo
  foo
• od -tx1z
• printf %s ''
  0000000
• cat -Aen
• printf %s ''
• echo ''

bash: 1: parameter null or not set
...

3. See error

bug 1:

./cli-2.27.0/script/scoop-gen: line 29: /json: No such file or directory

bug 2:

bash: 1: parameter null or not set

Patches

Bug 1: add near top of file

[[ "$#" -eq 2 ]] || { echo "scoop-gen: cli args"; exit 1;}

Bug 2: at lines 5 and 6, add some colons before the question marks

tagname="${1:?}"
jsonfile="${2:?}"