set js/actions/injection as a high precision warning query

Author: erik-krogh

javascript/ql/src/Security/CWE-094/ExpressionInjection.ql

@@ -3,7 +3,7 @@
  * @description Using user-controlled GitHub Actions contexts like `run:` or `script:` may allow a malicious
  *              user to inject code into the GitHub action.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @precision high
  * @id js/actions/injection
  * @tags actions