chore: Harden workflow against command injection in PR title validation

[cyber841]

Describe the issue this Pull Request addresses

Hi Apache Hudi Team,

As requested and suggested by Piotr P. Karwasz from the Apache Security Team, I am submitting this pull request to apply a security hardening improvement to the pr_title_validation.yml workflow.

Summary and Changelog

• Mapped the user-controlled github.event.pull_request.title context variable into an environment variable (env: PR_TITLE).
• Updated the inline shell script to reference the environment variable $PR_TITLE instead of direct inline expansion.

This protects the project's CI/CD runner environment from potential arbitrary command execution (Command Injection) through crafted PR titles if trigger types or job permissions are ever modified in the future.

Best regards,
Rasul Rasulzada

Impact

Security fix

Contributor's checklist

• Read through contributor's guide
• Enough context is provided in the sections above
• Adequate tests were added if applicable

[hudi-agent]

🤖 This review was generated by an AI agent and may contain mistakes. Please verify any suggestions before applying.

No reviewable code files in this PR.

cc @yihua

[yihua]

LGTM. Thanks for the fix @cyber841

[hudi-bot]

CI report:

• 2d74b12 Azure: SUCCESS
• ae0dc0d Azure: PENDING

Bot commands

@hudi-bot supports the following commands:

• @hudi-bot run azure re-run the last Azure build

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 68.16%. Comparing base (db46081) to head (ae0dc0d).
⚠️ Report is 3 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master   #18771   +/-   ##
=========================================
  Coverage     68.16%   68.16%           
- Complexity    29156    29157    +1     
=========================================
  Files          2521     2521           
  Lines        141371   141371           
  Branches      17549    17549           
=========================================
+ Hits          96359    96368    +9     
+ Misses        37081    37071   -10     
- Partials       7931     7932    +1     

Flag	Coverage Δ
common-and-other-modules	44.44% <ø> (+<0.01%)	⬆️
hadoop-mr-java-client	44.98% <ø> (-0.01%)	⬇️
spark-client-hadoop-common	48.31% <ø> (-0.01%)	⬇️
spark-java-tests	48.95% <ø> (+<0.01%)	⬆️
spark-scala-tests	44.85% <ø> (+<0.01%)	⬆️
utilities	37.56% <ø> (-0.03%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.
see 11 files with indirect coverage changes

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.