Update precision and severity for unpinned-tag

This ensures that it will be in `security-extended`, but not the default suite.

Author: Dave Bartolomeo

actions/ql/src/Security/CWE-829/UnpinnedActionsTag.ql

@@ -3,8 +3,8 @@
  * @description Using a tag for a non-immutable Action that is not pinned to a commit can lead to executing an untrusted Action through a supply chain attack.
  * @kind problem
  * @security-severity 5.0
- * @problem.severity recommendation
- * @precision high
+ * @problem.severity warning
+ * @precision medium
  * @id actions/unpinned-tag
  * @tags security
  *       actions