[task] Fix critical code injection vulnerability in create-branch.yml #3060

@github-actions

Description

Objective

Fix the code injection vulnerability (rated critical) in .github/workflows/create-branch.yml, where unsanitized user input is interpolated directly into bash scripts.

Context

Poutine identified 2 critical injection points where github.event.inputs.name is used directly in bash scripts without proper sanitization. This is a critical security risk that could allow arbitrary code execution.

Related to discussion #3058

Approach

  1. Locate the injection points in .github/workflows/create-branch.yml
  2. Sanitize github.event.inputs.name before use in bash scripts
  3. Use proper quoting and input validation
  4. Consider using GitHub Actions expressions instead of bash variables where possible
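As an added illustration (not the repository's own workflow), the vulnerable pattern and a hardened equivalent side by side: in the first, `${{ github.event.inputs.name }}` is expanded into the script text before bash runs it, so the input is parsed as shell syntax; in the second, the value is handed to bash through an `env:` variable, validated with `git check-ref-format --branch`, and quoted on every use, which is the pattern poutine's injection rule accepts. The trigger, `actions/checkout@v4`, and the `permissions` block are assumptions.

```yaml
# Vulnerable pattern (constructed example): the expression is substituted
# into the run script before bash ever sees it, so the input is code.
name: create-branch (vulnerable pattern)
on:
  workflow_dispatch:
    inputs:
      name:
        description: Branch name
        required: true
jobs:
  create:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - run: |
          git checkout -b ${{ github.event.inputs.name }}
          git push origin ${{ github.event.inputs.name }}
---
# Hardened pattern (constructed example): the input reaches bash as data
# in an environment variable, is validated, and is quoted wherever used.
name: create-branch (hardened pattern)
on:
  workflow_dispatch:
    inputs:
      name:
        description: Branch name
        required: true
permissions:
  contents: write   # assumed: push needs write access to the repository
jobs:
  create:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Create branch from validated input
        env:
          BRANCH_NAME: ${{ github.event.inputs.name }}
        run: |
          set -euo pipefail
          # Fail the step unless the value is a well-formed branch name;
          # this rejects whitespace, control characters, '..', '~', '^', ':' etc.
          git check-ref-format --branch "$BRANCH_NAME" >/dev/null
          # Double quotes keep the value a single argument to git
          git checkout -b "$BRANCH_NAME"
          git push origin "$BRANCH_NAME"
```

The env-variable form also preserves the workflow's behaviour for every valid branch name, which is the acceptance criterion that a pure allow-list rewrite would risk breaking.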

Files to Modify

  • .github/workflows/create-branch.yml

Acceptance Criteria

  • User input from github.event.inputs.name is properly sanitized
  • All bash scripts using this input are secured against injection
  • Re-run poutine scan shows 0 injection warnings
  • Workflow functionality is preserved

Security Impact

HIGH: This is a critical security vulnerability that could allow malicious users to execute arbitrary code in workflow context.
Related to #3058

AI generated by Plan Command for discussion #3058
