🐛 fix(ci): replace ${{ head_commit.message }} expression with git log to avoid shell injection

PR #31 added a fallback to git log -1 --pretty=%B for the workflow_dispatch
case (where head_commit.message is empty), but kept ${{ ... }} as the primary
source. That expression is interpolated literally into the rendered shell
script — so a commit body containing a backtick, an unbalanced quote, or even
just a newline at an unfortunate position breaks the line that follows.

Symptom: every PR since #31 has shown:
  /var/run/act/workflow/12.sh: line 34: syntax error: unexpected newline
    Failure - Main Update badges and version (multiple commits, single push)

Fix: skip the expression entirely. git log -1 --pretty=%B reads the same
information from the actual commit and has no shell-injection surface.
2026-05-05 07:29:10 +02:00
parent ee4e8b2ee1
commit bbac3e7ff9

@@ -299,13 +299,11 @@ jobs:
# Check for version bump on main branch
if [ "${{ github.ref }}" = "refs/heads/main" ]; then
echo "🔖 Checking for version bump..."
# ${{ github.event.head_commit.message }} is empty on workflow_dispatch (manual trigger).
# Fall back to the latest commit message from `git log` so the script always has input.
COMMIT_MSG="${{ github.event.head_commit.message }}"
if [ -z "$COMMIT_MSG" ]; then
# Always read from git log: ${{ github.event.head_commit.message }} expression
# is interpolated literally into the shell script, so any backtick, unbalanced
# quote, or special char in a commit body breaks the next line of the script
# (observed on PR #32-#35: 'syntax error: unexpected newline'). git log is safe.
COMMIT_MSG=$(git log -1 --pretty=%B)
echo " (using git log -1 because head_commit.message is empty - probably workflow_dispatch)"
fi
./scripts/ci-version-bump.sh "$COMMIT_MSG" --no-push
fi
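Review bot: the added comment line "# Always read from git log: ${{ github.event.head_commit.message }} expression" still carries the live expression, and the runner substitutes ${{ ... }} throughout the run script before the shell parses it, shell comments included. With a multi-line commit message only the first line stays behind the #, and every following line lands in the rendered script as a command, so the injection surface this commit sets out to remove is still present. Write the name without the delimiters in the comment, for example "the github.event.head_commit.message expression". The same consideration applies to "${{ github.ref }}" in the if condition at the top of the hunk: passing it through an env: entry, or reading the GITHUB_REF variable the runner already sets, would keep the script body free of interpolated values.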