feat: bump Pi-Hole version
Many of the Pi-Hole releases of this year were made due to security
vulnerabilities. None of them are of concern to Qusal users.

- GHSA-jg6g-rrj6-xfg6: Requires authenticated user;
- GHSA-95g6-7q26-mp9x: Requires authenticated user; and
- GHSA-3597-244c-wrpj: Requires shell in the same qube running Pi-Hole.

The admin interface is only allowed through localhost; therefore only
sys-pihole and sys-pihole-browser qubes have access to it, blocked by
firewall (nftables) and HTTP server (lighttpd). Qubes with access to the
admin interface are not a concern; we assume that every qube that has
access to the admin interface is trusted. Therefore, only if a qube
doesn't have access to the admin interface and can gain access does it
become a concern, which hasn't happened.
ben-grande committed Jul 7, 2024
1 parent bb722fa commit ab044c1
Showing 1 changed file with 1 addition and 1 deletion.
2 changes: 1 addition & 1 deletion salt/sys-pihole/install.sls
Expand Up @@ -7,7 +7,7 @@ SPDX-License-Identifier: AGPL-3.0-or-later

{% if grains['nodename'] != 'dom0' %}

{% set pihole_tag = 'v5.18.2' -%}
{% set pihole_tag = 'v5.18.3' -%}

include:
- utils.tools.common.update
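
Review bot: `pihole_tag` is pinned by tag name only, and a tag is a movable ref, so the line `{% set pihole_tag = 'v5.18.3' -%}` does not by itself fix an exact revision. Nothing in the visible lines shows whether the state that consumes this variable verifies a signed tag or an expected commit id; if it does not, consider recording the expected commit hash next to the tag so each bump is reviewable as an exact revision. The commit message's reasoning about the three advisories rests on the admin interface being reachable only from sys-pihole and sys-pihole-browser; a short comment above the tag pointing to that assumption would keep it visible for the next bump.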