[AAP-71476] Pass secrets via env block instead of command line in CI workflow

Move PDE_ORG_RESULTS_UPLOAD_PASSWORD from curl command-line argument to
step env block to avoid exposing the secret in process listings.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: lucasc017

.github/workflows/ci.yml

@@ -95,9 +95,12 @@ jobs:
         if: matrix.tests.junit-xml-upload && github.event_name == 'push' && github.repository == 'ansible/django-ansible-base' && github.ref_name == 'devel'
         continue-on-error: true
         run: >-
-          curl -v --user "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}:${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}"
+          curl -v --user "$PDE_UPLOAD_USER:$PDE_UPLOAD_PASSWORD"
           --form "xunit_xml=@django-ansible-base-test-results.xml"
           --form "component_name=django-ansible-base"
           --form "git_commit_sha=${{ github.sha }}"
           --form "git_repository_url=https://github.com/${{ github.repository }}"
           "${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_URL }}/api/results/upload/"
+        env:
+          PDE_UPLOAD_USER: ${{ vars.PDE_ORG_RESULTS_AGGREGATOR_UPLOAD_USER }}
+          PDE_UPLOAD_PASSWORD: ${{ secrets.PDE_ORG_RESULTS_UPLOAD_PASSWORD }}