[plan] Fix shellcheck quoting issues in shell scripts

[github-actions]

Objective

Add proper quotes around variable expansions in shell scripts to prevent word splitting and glob expansion issues.

Context

Priority: 🟡 Priority 3 (Code quality - potential runtime failures)

Actionlint identified 5 shellcheck SC2086 warnings across 2 workflows. Missing quotes around variables can cause unexpected behavior when variables contain spaces or special characters.

Affected Locations

go-pattern-detector.md

• Line 4425:9 in "Install ast-grep" step (1 occurrence)

release.md

• Line 464:9 in "Setup environment and fetch release data" step (3 occurrences at columns 36, 31, 48)
• Line 5887:9 in "Get release ID" step (1 occurrence at column 34)

Pattern to Fix

# ❌ Before (unquoted)
gh release view $RELEASE_TAG
jq length $JSON_FILE
cd $DIRECTORY

# ✅ After (quoted)
gh release view "$RELEASE_TAG"
jq length "$JSON_FILE"
cd "$DIRECTORY"

Approach

1. Review each affected line in the shell scripts
2. Add double quotes around all variable expansions
3. Ensure the changes don't break existing logic
4. Test the modified workflows

Files to Modify

• .github/workflows/go-pattern-detector.md (line ~4425)
• .github/workflows/release.md (lines ~464, ~5887)

Acceptance Criteria

• All variable expansions properly quoted
• Actionlint scan passes without SC2086 warnings
• Workflows compile successfully
• Shell scripts execute correctly with quoted variables
• No regression in workflow functionality

Testing

# Compile and validate both workflows
gh aw compile go-pattern-detector --actionlint
gh aw compile release --actionlint

Related to #5294

AI generated by Plan Command for discussion #5280