Fix SARIF upload branch ref/sha

[mandreko-bitwarden]

🎟️ Tracking

https://bitwarden.atlassian.net/browse/VULN-226

📔 Objective

Add correct ref/sha reference for main and PR branches, since codeql/upload-sarif doesn't handle pull_request_target properly.

⏰ Reminders before review

• Contributor guidelines followed
• All formatters and local linters executed and passed
• Written new unit and / or integration tests where applicable
• Protected functional changes with optionality (feature flags)
• Used internationalization (i18n) for all UI strings
• CI builds passed
• Communicated to DevOps any deployment requirements
• Updated any necessary documentation (Confluence, contributing docs) or informed the documentation
  team

🦮 Reviewer guidelines

• 👍 (:+1:) or similar for great changes
• 📝 (:memo:) or ℹ️ (:information_source:) for notes or general info
• ❓ (:question:) for questions
• 🤔 (:thinking:) or 💭 (:thought_balloon:) for more open inquiry that's not quite a confirmed
  issue and could potentially benefit from discussion
• 🎨 (:art:) for suggestions / improvements
• ❌ (:x:) or ⚠️ (:warning:) for more significant problems or concerns needing attention
• 🌱 (:seedling:) or ♻️ (:recycle:) for future improvements or indications of technical debt
• ⛏ (:pick:) for minor or nitpick changes

[cloudflare-workers-and-pages]

Deploying contributing-docs with    Cloudflare Pages

Latest commit:	c3c2ea8
Status:	✅  Deploy successful!
Preview URL:	https://205b9f08.contributing-docs.pages.dev
Branch Preview URL:	https://sarif-upload-branch-fix.contributing-docs.pages.dev

View logs

[github-actions]

Checkmarx One – Scan Summary & Details – f7eb0130-a659-495a-b049-261a09690b29

New Issues (2)

Checkmarx found the following issues in this Pull Request

Severity	Issue	Source File / Package	Checkmarx Insight
	CVE-2025-27789	Npm-@babel/helpers-7.26.0	Vulnerable Package
	CVE-2025-27789	Npm-@babel/runtime-corejs3-7.26.0	Vulnerable Package