trufflehog
fix: update README docs for shallow cloning
Current example for using trufflehog in GitHub actions with shallow cloning is unfortunately susceptible to a quoting injection.
Specifically, if any of the commits include a single quote mark, the whole workflow terminates with a syntax error because jq can no longer calculate the length of the commits array. In fact, jq is not even launched, because it is really bash waiting for the single quote to be terminated when evaluating this expression:

```bash
$(jq length <<< '${{ toJson(github.event.commits) }}')
```
This can be triggered with an example commit message of `that's my commit`. In such a case, `toJson()` produces something similar to this:

```json
[
  {
    "author": {
      "email": "[email protected]",
      "name": "Marek Skrobacki",
      "username": "skrobul"
    },
    // ...
    "id": "1743e414cff505efac7e38128974cfa39cd56332",
    "message": "that's my commit",
    "timestamp": "2025-05-13T10:33:04-05:00",
    // ...
  }
]
```
While technically the input here could be sanitized with additional filtering, I believe using shell scripting for this is far from ideal.
My alternative proposal uses GitHub's native github-script which offers slightly more safety and avoids shell escaping issues.
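As an added illustration (not this PR's actual diff), the sketch below contrasts the vulnerable interpolation with a `github-script` step that reads the payload as data and never expands it into shell source. The action versions, the step id `depth`, and the `+ 1` depth offset are assumptions.

```yaml
on: [push, pull_request]

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      # UNSAFE (left commented out for comparison): the expression is expanded
      # into the bash source text before bash parses it, so a "'" in any commit
      # message terminates the quoted here-string early and bash reports a
      # syntax error before jq ever runs.
      #
      # - shell: bash
      #   run: echo "depth=$(($(jq length <<< '${{ toJson(github.event.commits) }}') + 1))" >> "$GITHUB_ENV"

      # SAFER: compute the clone depth in JavaScript. context.payload is the
      # parsed webhook event; the commit messages are ordinary string values
      # and are never passed through a shell.
      - id: depth
        uses: actions/github-script@v7
        with:
          script: |
            let commits = 0;
            if (context.eventName === 'push') {
              // Array of pushed commits; quotes in messages are harmless here.
              commits = context.payload.commits.length;
            } else if (context.eventName === 'pull_request') {
              // pull_request payload carries the commit count directly.
              commits = context.payload.pull_request.commits;
            }
            // One extra commit so the parent of the first scanned commit is
            // present in the shallow clone (offset is an assumption).
            core.setOutput('depth', commits + 1);

      - uses: actions/checkout@v4
        with:
          # Outputs are plain strings substituted into YAML, not into bash.
          fetch-depth: ${{ steps.depth.outputs.depth }}
```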