security: set-output cmd deprecated. Use $GITHUB_OUTPUT env file (#9287)

* security: `set-output` cmd deprecated. Use `$GITHUB_OUTPUT` env file

To avoid untrusted logged data to use `save-state` and `set-output` workflow commands without the intention of the workflow author we have introduced a new set of environment files to manage state and output.

Starting 1st June 2023 workflows using `save-state` or `set-output` commands via stdout will fail with an error.

https://github.blog/changelog/2022-10-11-github-actions-deprecating-save-state-and-set-output-commands/

* chore: apply fix found at actions/stale#859

* test: fixing report escapes

* test: fixing report escapes

* test: fixing report escapes

* test: fixing report escapes

* test: fixing report escapes

.github/actions/awesomebot-gh-summary-action/action.yml

@@ -86,12 +86,13 @@ runs:
           }
         }
 
-        # HACK to single line strings (https://trstringer.com/github-actions-multiline-strings/)
-        $text = $text -replace "`%","%25"
-        $text = $text -replace "`n","%0A"
-        $text = $text -replace "`r","%25"
-        # set output
-        echo "::set-output name=text::$text"
+        # set multiline output (the way of prevent script injection is with random delimiters)
+        # https://docs.github.com/en/actions/using-workflows/workflow-commands-for-github-actions#multiline-strings
+        # https://github.com/orgs/community/discussions/26288#discussioncomment-3876281
+        $delimiter = (openssl rand -hex 8) | Out-String
+        echo "text<<$delimiter" >> $env:GITHUB_OUTPUT
+        echo "$text" >> $env:GITHUB_OUTPUT
+        echo "$delimiter" >> $env:GITHUB_OUTPUT
 
 
     - name: Write output