Fix possible CWE-94 in a workflow

Author: Haarolean

.github/workflows/backend.yml

@@ -38,13 +38,15 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN_BACKEND }}
+          HEAD_REF: ${{ github.head_ref }}
+          BASE_REF: ${{ github.base_ref }}
         run: |
           mvn versions:set -DnewVersion=${{ github.event.pull_request.head.sha }}
           mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar \
           -Dsonar.projectKey=com.provectus:kafka-ui_backend \
           -Dsonar.pullrequest.key=${{ github.event.pull_request.number }} \
-          -Dsonar.pullrequest.branch=${{ github.head_ref }} \
-          -Dsonar.pullrequest.base=${{ github.base_ref }}
+          -Dsonar.pullrequest.branch=$HEAD_REF \
+          -Dsonar.pullrequest.base=$BASE_REF
       - name: Build and analyze push master
         if: ${{ github.event_name == 'push' }}
         env: