fix(ci): bump datadog-ci to 5.11.0 to resolve critical simple-git RCE

simple-git 3.15.0-3.32.2 has a blockUnsafeOperationsPlugin bypass via
case-insensitive protocol.allow config key that enables RCE
(GHSA-r275-fr43-pm7q). Bumping datadog-ci to 5.11.0 pulls in the
patched simple-git.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Author: pront