Use context var for Sonar

Even though context vars are not properly escaped for shells in
this context.

See https://community.sonarsource.com/t/security-advisory-sonarqube-scanner-github-action/147696

Author: pcolby

.github/workflows/sonar.yaml

@@ -51,4 +51,4 @@ jobs:
         with:
           args: >-
             --define project.settings=.sonar.properties
-            --define sonar.cfamily.compile-commands="$RUNNER_TEMP/sonar/compile_commands.json"
+            --define sonar.cfamily.compile-commands="${{ runner.temp }}/sonar/compile_commands.json"