Add new test for secrets in artifact query

Author: Alvaro Muñoz

ql/test/query-tests/Security/CWE-312/.github/workflows/secrets-in-artifacts.yml

@@ -62,3 +62,26 @@ jobs:
         with:
           name: file
           path: foo
+  test7: # NOT VULNERABLE
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
+        with:
+          name: file
+          path: .
+  test8: # VULNERABLE
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          persist-credentials: true
+      - name: "Upload artifact"
+        uses: actions/upload-artifact@1746f4ab65b179e0ea60a494b83293b640dd5bba # v4.3.2
+        with:
+          name: file
+          path: .
+

ql/test/query-tests/Security/CWE-312/SecretsInArtifacts.expected

@@ -2,3 +2,4 @@
 | .github/workflows/secrets-in-artifacts.yml:27:9:32:2 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:27:9:32:2 | Uses Step | actions/upload-artifact |
 | .github/workflows/secrets-in-artifacts.yml:38:9:43:2 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:38:9:43:2 | Uses Step | actions/upload-artifact |
 | .github/workflows/secrets-in-artifacts.yml:49:9:54:2 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:49:9:54:2 | Uses Step | actions/upload-artifact |
+| .github/workflows/secrets-in-artifacts.yml:82:9:86:18 | Uses Step | A secret is exposed in an artifact uploaded by $@ | .github/workflows/secrets-in-artifacts.yml:82:9:86:18 | Uses Step | actions/upload-artifact |