
Fix security issues #6040

Merged
sdepassio merged 5 commits into develop from fix-for-aikido
Mar 13, 2026

Conversation

sdepassio (Contributor) commented Mar 13, 2026

Description

Fix issues found by Aikido Security:

  • Template Injection in GitHub Workflows Action
  • Potential user input in HTTP request may allow SSRF attack
  • Potential file inclusion attack via reading file

Type of change

  • Patch fixing an issue (non-breaking change)
  • New functionality (non-breaking change)
  • Functionality enhancement or optimization (non-breaking change)
  • Breaking change (patch or feature) that might cause side effects breaking part of the Software

Checklist

  • I have followed the coding style guidelines provided by Centreon
  • I have commented my code, especially hard-to-understand areas of the PR.
  • I have rebased my development branch on the base branch (develop).
  • In case of a new plugin, I have created the new packaging directory accordingly.
  • I have implemented automated tests related to my commits.
    • Data used for automated tests are anonymized.
  • I have reviewed all the help messages in all the .pm files I have modified.
    • All sentences begin with a capital letter.
    • All sentences end with a period.
    • I am able to understand all the help messages, if not, exchange with the PO or TW to rewrite them.
  • After having created the PR, I will make sure that all the tests provided in this PR have run and passed.

Summary by Aikido

Security Issues: 0 Quality Issues: 0 ✅ Resolved Issues: 16

⚡ Enhancements

  • Hardened workflow actions to avoid template injection via environment variables
  • Replaced direct expression interpolation with env variables for API calls

🔧 Refactors

  • Validated and securely opened packaging files to prevent file inclusion
  • Restricted partial-matrix filenames and used no-follow file descriptors

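The "validated and securely opened packaging files" and "restricted partial-matrix filenames and used no-follow file descriptors" items describe one hardening pattern: allowlist the bare file name, then open it in a way that a planted symlink cannot redirect. The following is an added example written for this page; it is not code from this PR or from centreon-plugins, and the file name scheme (partial-matrix-<label>.json), the single trusted directory and the POSIX-only flags (os.O_NOFOLLOW, dir_fd) are assumptions made for the illustration.

```python
"""Added example (not from the PR or centreon-plugins): read a workflow
"partial matrix" JSON file without letting an attacker-chosen name become a
file-inclusion primitive. Assumed layout: partial-matrix-<label>.json files in
one trusted directory, on a POSIX runner."""
import json
import os
import re
import stat
import tempfile

# Allowlist for the bare file name: fixed prefix, short label of safe
# characters, fixed suffix. Separators, "..", NUL and whitespace cannot pass.
PARTIAL_MATRIX_NAME = re.compile(r"partial-matrix-[A-Za-z0-9][A-Za-z0-9._-]{0,63}\.json")


def validate_partial_matrix_name(name: str) -> str:
    """Return `name` unchanged if it is a plain allowlisted file name, else raise."""
    if name != os.path.basename(name) or PARTIAL_MATRIX_NAME.fullmatch(name) is None:
        raise ValueError(f"refusing partial-matrix file name {name!r}")
    return name


def read_partial_matrix(base_dir: str, name: str) -> dict:
    """Open base_dir/name relative to a directory fd, with O_NOFOLLOW, and parse it."""
    name = validate_partial_matrix_name(name)
    # Anchor the open on the trusted directory itself instead of a joined string
    # path, so the only path component the caller influences is `name`.
    dir_fd = os.open(base_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_CLOEXEC)
    try:
        # O_NOFOLLOW makes the open fail (ELOOP) when `name` is a symlink planted
        # in base_dir, so partial-matrix-x.json -> /etc/passwd is never read.
        fd = os.open(name, os.O_RDONLY | os.O_CLOEXEC | os.O_NOFOLLOW, dir_fd=dir_fd)
    finally:
        os.close(dir_fd)
    try:
        if not stat.S_ISREG(os.fstat(fd).st_mode):
            raise ValueError(f"{name!r} is not a regular file")
        fh = os.fdopen(fd, "r", encoding="utf-8")  # fh now owns fd
    except BaseException:
        os.close(fd)
        raise
    with fh:
        return json.load(fh)


def demo() -> dict:
    """Constructed scenario: one legitimate matrix file, one planted symlink and a
    few hostile names. Returns the parsed matrix or the exception type per name."""
    results = {}
    with tempfile.TemporaryDirectory() as base:
        matrix = {"include": [{"distrib": "el9", "package": "plugin-x"}]}
        with open(os.path.join(base, "partial-matrix-linux.json"), "w", encoding="utf-8") as fh:
            json.dump(matrix, fh)
        secret = os.path.join(base, "secret.txt")
        with open(secret, "w", encoding="utf-8") as fh:
            fh.write("TOKEN=not-for-the-matrix\n")  # constructed secret, not real data
        # Attacker-planted symlink that carries an allowlisted name.
        os.symlink(secret, os.path.join(base, "partial-matrix-evil.json"))

        results["partial-matrix-linux.json"] = read_partial_matrix(base, "partial-matrix-linux.json")
        for hostile in ("partial-matrix-evil.json", "../secret.txt",
                        "/etc/hostname", "partial-matrix-x.json\n"):
            try:
                read_partial_matrix(base, hostile)
                results[hostile] = "READ"
            except (ValueError, OSError) as exc:
                results[hostile] = type(exc).__name__
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(f"{name!r}: {outcome}")
```

Running the module reads the legitimate file, refuses the traversal, absolute and newline-suffixed names at the allowlist, and fails the symlink at open time with ELOOP. O_NOFOLLOW only governs the final path component, so the directory passed as base_dir must itself be one the workflow created (a fresh checkout or artifact directory), not a path built from untrusted input.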

github-actions bot commented Mar 13, 2026

Checkmarx One – Scan Summary & Details fca92a81-c154-45a6-af2b-2f1ed831f56f

Great job! No new security vulnerabilities introduced in this pull request

@sdepassio sdepassio marked this pull request as ready for review March 13, 2026 09:21
@sdepassio sdepassio requested a review from a team as a code owner March 13, 2026 09:21
@sdepassio sdepassio merged commit 3c168a6 into develop Mar 13, 2026
396 of 730 checks passed
@sdepassio sdepassio deleted the fix-for-aikido branch March 13, 2026 14:25

2 participants