fix: prevent SQL injection in timezone handling

Apply timezone validation before executing SET TIME ZONE command
to prevent potential SQL injection vulnerabilities.

Changes:
- Import and use isValidTimeZone() validation
- Throw error for invalid timezone strings
- Maintain support for all legitimate timezone formats

The validation ensures that only safe timezone strings are used
in raw SQL execution while preserving functionality.