codeql
Actions: Add new query `actions/code-injection/low` for code injection with step outputs
This has low precision but can catch serious issues. However, because of its low precision, it won't be included in any of our query suites. I'm not sure what to do about that.
The allowlist of actions whose outputs are not user-controlled was generated by copilot, using results from running this query on many repos using MRVA. I do not have the expertise to be sure that it is correct, so please check this. I am also interested in any other actions to add to the allowlist. Possibly we could allow users to add safe actions using data extensions, if there is demand.
@adityasharad Are you able to review this? CI was failing but rebasing has resolved it.
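As an added illustration (not code from this PR or the CodeQL query itself), a stdlib-only Python sketch of the pattern the query looks for: a `run:` script that interpolates `${{ steps.<id>.outputs.<name> }}` from a step whose action is not on an allowlist, while the same value passed through `env:` is not flagged. The action names and the allowlist are hypothetical, and the workflow is constructed and given as an already-parsed dict.

```python
import re

# Hypothetical allowlist for illustration; the PR's real allowlist is not shown here.
SAFE_ACTIONS = {"example/safe-metadata-action"}

# Matches ${{ steps.<id>.outputs.<name> }} inside a script, tolerating whitespace.
STEP_OUTPUT = re.compile(
    r"\$\{\{\s*steps\.([\w-]+)\.outputs\.([\w-]+)\s*\}\}"
)


def action_name(uses):
    """Strip the ref so 'owner/repo@v1' compares as 'owner/repo'."""
    return uses.split("@", 1)[0]


def find_step_output_injection(workflow):
    """Return (job, step index, producing action, output name) for every run:
    script that interpolates an output of a non-allowlisted action step.
    Simplification: outputs of plain run: steps are ignored, since the
    allowlist only describes actions."""
    findings = []
    for job_name, job in workflow.get("jobs", {}).items():
        steps = job.get("steps", [])
        producers = {s["id"]: s["uses"] for s in steps if "id" in s and "uses" in s}
        for idx, step in enumerate(steps):
            script = step.get("run")
            if not script:
                continue
            for step_id, output in STEP_OUTPUT.findall(script):
                uses = producers.get(step_id)
                if uses is None or action_name(uses) in SAFE_ACTIONS:
                    continue
                findings.append((job_name, idx, uses, output))
    return findings


# Constructed sample workflow, as it would look after YAML parsing.
WORKFLOW = {
    "jobs": {
        "build": {
            "steps": [
                {"id": "pr", "uses": "example/pr-metadata@v2"},
                {"id": "meta", "uses": "example/safe-metadata-action@v1"},
                {"run": 'echo "Title: ${{ steps.pr.outputs.title }}"'},  # flagged
                {"run": 'echo "SHA: ${{ steps.meta.outputs.sha }}"'},  # allowlisted
                {"run": 'echo "Title: $TITLE"',  # safe: value passed via env var
                 "env": {"TITLE": "${{ steps.pr.outputs.title }}"}},
            ]
        }
    }
}

if __name__ == "__main__":
    for finding in find_step_output_injection(WORKFLOW):
        print("step output interpolated into run script:", finding)
```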