qa: Address security issues identified by SonarLint #6

	# Builds and pushes docker images on main and tags

	name: Analyze
	on:
	push:
	branches:
	- main
	pull_request:
	types: [opened, synchronize, reopened]

	jobs:
	build:
	name: Build and Analyze
	runs-on: ubuntu-latest
	timeout-minutes: 60
	steps:
	- name: Checkout
	uses: actions/checkout@v2
	with:
	submodules: recursive
	- name: Setup Java
	uses: actions/setup-java@v2
	with:
	distribution: 'temurin'
	java-version: '17'
	cache: 'maven'
	- name: Cache SonarCloud packages
	uses: actions/cache@v3
	with:
	path: ~/.sonar/cache
	key: ${{ runner.os }}-sonar
	restore-keys: ${{ runner.os }}-sonar

	- name: Build customized GeoServer version
	run: \|
	make deps

	- name: Analyze
	env:
	GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} # Needed to get PR information, if any
	SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
	run: \|
	mvn package org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=geoserver_geoserver-cloud -ntp -DskipTests
	#mvn -B verify org.sonarsource.scanner.maven:sonar-maven-plugin:sonar -Dsonar.projectKey=geoserver_geoserver-cloud

Provide feedback