fix(CI): adress zimor warnings in the release workflow (#11916) (#11926)

* adress zimor warnings

- https://github.com/inventree/InvenTree/security/code-scanning/346
- https://github.com/inventree/InvenTree/security/code-scanning/345
- https://github.com/inventree/InvenTree/security/code-scanning/344
- https://github.com/inventree/InvenTree/security/code-scanning/343

* adress https://github.com/inventree/InvenTree/security/code-scanning/232

* fix template injection

* revert change

* collected improvements

* use native action

(cherry picked from commit 5d059fe725)

.github/workflows/qc_checks.yaml

@@ -789,13 +789,5 @@ jobs:
         uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # pin@v6.0.2
         with:
           persist-credentials: false
-      - uses: hynek/setup-cached-uv@4300ec2180bc77d705e626a34e381b81a4772c51 # pin@v2
-      - name: Run zizmor
-        run: uvx zizmor --format sarif . > results.sarif
-        env:
-          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-      - name: Upload SARIF file
-        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # pin@v3
-        with:
-          sarif_file: results.sarif
-          category: zizmor
+      - name: Run zizmor 🌈
+        uses: zizmorcore/zizmor-action@b1d7e1fb5de872772f31590499237e7cce841e8e # v0.5.3