Fix for code scanning alert no. 1035: Environment variable built from user-controlled sources

The concern is that the file in the artifact might be created by an attacker to inject values into the env var being set.

To address this vulnerability, we should strictly control the value of PR_NUMBER before it is written to $GITHUB_ENV. This means ensuring that:

- Only valid, single-line numeric data is used (since PR numbers are always positive integers).
- All potential for newlines, extra characters, or injection attacks is removed.
- explicitly validate that the value is non-empty and matches expectations
= Also, wrap the assignment in double quotes to further protect against expansion.

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>

Author: ismith

.github/workflows/publish-test-results.yml

@@ -35,10 +35,13 @@ jobs:
 
       - name: Extract PR Number
         run: |
-          eventjson=`cat 'artifacts/Event File/event.json'`
-          prnumber=`echo $(jq -r '.pull_request.number' <<< "$eventjson")`
-          echo "PR_NUMBER=$(echo $prnumber | tr -cd '0-9')" >> $GITHUB_ENV
-      
+          prnumber=$(jq -r '.pull_request.number' < 'artifacts/Event File/event.json')
+          sanitized_prnumber=$(echo "$prnumber" | grep -E '^[0-9]+$' || echo "")
+          if [ -n "$sanitized_prnumber" ]; then
+            echo "PR_NUMBER=$sanitized_prnumber" >> "$GITHUB_ENV"
+          else
+            echo "PR_NUMBER=" >> "$GITHUB_ENV"
+          fi
       - name: Publish Unit Test Results
         uses: EnricoMi/publish-unit-test-result-action@v2
         with: