ci: remediate zizmor finding

[inahga]

Remediates this finding.

 info[template-injection]: code injection via template expansion
  --> ./.github/workflows/cps-review.yml:65:36
   |
41 |         uses: actions/github-script@v9
   |         ------------------------------ action accepts arbitrary code
42 |         with:
43 |           script: |
   |           ------ via this input
...
65 |             const flagNames = '${{ steps.newflags.outputs.flagnames }}';
   |                                    ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ may expand into attacker-controllable code
   |
   = note: audit confidence → Low

By storing the step output as an environment variable first, we avoid injecting directly into the script.

[inahga]

The comment fired twice because I did two actions simultaneously that triggered it (move from draft + request review). Not new behavior.