ci: fix upload sarif action

This broke in b588d1a594, which updated
all actions to pin by sha, but a bug in `zizmor` doesn't handle
mono-repo actions; it stripped `/upload-sarif`, so now uses the
top-level action, which is "valid" but a stub (sigh!).

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>

.github/workflows/ci.yml

@@ -154,7 +154,7 @@ jobs:
       -
         name: Upload SARIF report
         if: ${{ github.event_name != 'pull_request' && github.repository == 'moby/moby' }}
-        uses: github/codeql-action@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
+        uses: github/codeql-action/upload-sarif@c10b8064de6f491fea524254123dbe5e09572f13 # v4.35.1
         with:
           sarif_file: ${{ env.DESTDIR }}/govulncheck.out