doc: readme: address security review feedback for quickstart

Replace the bash process substitution with a direct download utilizing
fail-fast curl flags, instructing the user to inspect the file before
execution to improve supply-chain security and reproducibility.

Signed-off-by: Liam Girdwood <liam.r.girdwood@linux.intel.com>

Author: lrgirdwo

README.md

@@ -18,7 +18,8 @@ See [docs](https://thesofproject.github.io/latest/index.html)
 You can easily set up the complete SOF development environment, including Zephyr SDK and QEMU, by running our interactive installer script. To run the installer locally:
 
 ```bash
-bash <(curl -sL https://raw.githubusercontent.com/thesofproject/vscode-workspace/main/sdk-install.sh)
+curl -fsSLo sdk-install.sh https://raw.githubusercontent.com/thesofproject/vscode-workspace/main/sdk-install.sh
+bash sdk-install.sh
 ```
 
 The script will guide you through the process of installing system dependencies, cloning the repositories, configuring Python virtual environments, and setting up the Zephyr SDK and QEMU.