fix: use double quotes for environment variable assignments in workflows

- Updated environment variable assignments in multiple workflow files to use double quotes for consistency and to prevent potential issues with variable expansion.
- Refactored echo commands to group multiple lines into a single block for improved readability in the following workflows:
  - release-goreleaser.yml
  - renovate_prune.yml
  - security-pr.yml
  - security-weekly-rebuild.yml
  - supply-chain-pr.yml
  - supply-chain-verify.yml
  - update-geolite2.yml
  - waf-integration.yml
  - weekly-nightly-promotion.yml

.github/workflows/auto-add-to-project.yml

@@ -18,9 +18,9 @@ jobs:
         id: project_check
         run: |
           if [ -n "${{ secrets.PROJECT_URL }}" ]; then
-            echo "has_project=true" >> $GITHUB_OUTPUT
+            echo "has_project=true" >> "$GITHUB_OUTPUT"
           else
-            echo "has_project=false" >> $GITHUB_OUTPUT
+            echo "has_project=false" >> "$GITHUB_OUTPUT"
           fi
 
       - name: Add issue or PR to project
@@ -29,8 +29,8 @@ jobs:
         continue-on-error: true
         with:
           project-url: ${{ secrets.PROJECT_URL }}
-          github-token: ${{ secrets.ADD_TO_PROJECT_PAT }}
+          github-token: ${{ secrets.ADD_TO_PROJECT_PAT || secrets.GITHUB_TOKEN }}
 
       - name: Skip summary
         if: steps.project_check.outputs.has_project == 'false'
-        run: echo "PROJECT_URL secret missing; skipping project assignment." >> $GITHUB_STEP_SUMMARY
+        run: echo "PROJECT_URL secret missing; skipping project assignment." >> "$GITHUB_STEP_SUMMARY"