check github-advanced-security advices provided in #4127

[khassel]

While releasing I got code suggestions from github-advanced-security bot, see #4127

2 points:

• we should check (and implement) these suggestions
• why are these suggestions only coming on master? They should also occur on develop

[KristjanESPERANTO]

we should check (and implement) these suggestions

I think we can ignore both of those points. I've commented on the suggestions in #4127 accordingly. What do you think?

why are these suggestions only coming on master? They should also occur on develop

This is fixed since #4086 and the code suggestions are about code from PRs before #4086.