fix: avoid shell injection by passing TAG as env var not inline expression

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: nattb8

.github/workflows/tag.yml

@@ -50,7 +50,8 @@ jobs:
           SHA=$(git rev-parse HEAD)
           gh api /repos/${{ github.repository }}/git/refs \
             --method POST \
-            -f ref="refs/tags/${{ env.TAG }}" \
+            -f ref="refs/tags/${TAG}" \
             -f sha="$SHA"
         env:
           GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          TAG: ${{ env.TAG }}