ci(actions): Update GitHub Actions to latest versions #2376

Closed
tintinhamans wants to merge 7 commits into TheSuperHackers:main from tintinhamans:arctic/gitlab-actions-update

@tintinhamans

This pull request updates all GitHub Actions used in the project's workflow YAML files to use exact commit SHA references instead of version tags. This change improves security and reliability by ensuring that workflows always use the intended action versions, preventing unexpected updates or changes from upstream maintainers.

Closes #779

The most important changes are:

Security and Reliability Improvements:

  • Updated all actions/checkout steps to use an explicit commit SHA (de0fac2e4500dabe0009e67214ff5f5447ce83dd for v6.0.2) instead of the @v4 tag across all workflow files.
  • Updated all uses of actions/cache, actions/cache/restore, and actions/cache/save to use commit SHA (cdf6c1fa76f9f475f3d7449005a359c84ca0f306 for v5.0.3) instead of @v4.
  • Updated all actions/upload-artifact and actions/download-artifact steps to use exact commit SHAs (bbbca2ddaa5d8feaa63e36b76fdaad77386f024f for upload v7.0.0, 70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 for download v8.0.0) instead of version tags.
  • Updated softprops/action-gh-release to use a specific commit SHA (a06a81a03ee405af7f2048a818ed3f03bbf83c7b for v2.5.0) instead of @v2.
  • Updated other third-party actions (dorny/paths-filter, ilammy/msvc-dev-cmd, lukka/run-vcpkg) to use commit SHAs instead of tags, ensuring consistent and secure action execution.

These updates help lock down the CI/CD pipeline against upstream changes and improve build reproducibility.

@tintinhamans tintinhamans requested a review from bobtista March 2, 2026 13:43
@greptile-apps

greptile-apps bot commented Mar 2, 2026

Greptile Summary

This PR systematically updates all GitHub Actions across 6 workflow files to use commit SHAs instead of version tags, implementing a security best practice known as "pinning to commit SHAs."

Key changes:

  • Updated actions/checkout from @v4 to v6.0.2 commit SHA across all workflows
  • Updated actions/cache, actions/cache/restore, and actions/cache/save from @v4 to v5.0.3 commit SHA
  • Updated actions/upload-artifact from @v4 to v7.0.0 commit SHA
  • Updated actions/download-artifact from @v4 to v8.0.0 commit SHA
  • Updated softprops/action-gh-release from @v2 to v2.5.0 commit SHA
  • Updated dorny/paths-filter to v3.0.2 commit SHA
  • Updated ilammy/msvc-dev-cmd to v1.13.0 commit SHA
  • Updated lukka/run-vcpkg to v11.5 commit SHA

Benefits:

  • Prevents unexpected changes from upstream action maintainers
  • Protects against potential supply chain attacks
  • Improves build reproducibility by ensuring exact action versions
  • Maintains clear version documentation via inline comments

The changes are purely configuration updates with no modifications to workflow logic or behavior.

Confidence Score: 5/5

  • This PR is safe to merge with no risk
  • Configuration-only changes that improve security by pinning GitHub Actions to specific commit SHAs. No workflow logic modified, changes are systematic and consistent across all files.
  • No files require special attention

Important Files Changed

| Filename | Overview |
| --- | --- |
| .github/workflows/build-historical.yml | Updated all GitHub Actions to commit SHAs (checkout v6.0.2, cache v5.0.3, upload/download-artifact v7/v8, softprops/action-gh-release v2.5.0) |
| .github/workflows/build-toolchain.yml | Updated actions to commit SHAs including checkout, cache (and cache/restore, cache/save), ilammy/msvc-dev-cmd v1.13.0, lukka/run-vcpkg v11.5, upload-artifact |
| .github/workflows/check-replays.yml | Updated checkout, download-artifact, cache, and upload-artifact actions to commit SHAs |
| .github/workflows/ci.yml | Updated checkout to v6.0.2 SHA and dorny/paths-filter to v3.0.2 SHA |
| .github/workflows/validate-pull-request.yml | Updated checkout action to v6.0.2 commit SHA |
| .github/workflows/weekly-release.yml | Updated checkout, download-artifact, and softprops/action-gh-release to commit SHAs |

Last reviewed commit: b87d91a
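
A check for the pinning convention this pull request applies, as an added example that is not part of the pull request or the project's workflows: it scans workflow text for `uses:` references that are not a full 40-character commit SHA, and for pinned references that lack the inline version comment. The function names `classify` and `audit` are hypothetical, the sample workflow is constructed, the two full SHAs are the ones quoted in the PR description, and the `example-org` references are placeholders.

```python
import re

# `uses:` at step or job level; captures the reference and any trailing comment.
USES_RE = re.compile(r"""^\s*(?:-\s*)?uses:\s*['"]?([^'"\s#]+)['"]?\s*(?:#\s*(.*))?$""")
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

def classify(ref):
    """Classify a `uses:` reference as 'local', 'pinned' or 'unpinned'."""
    if ref.startswith("./"):
        return "local"  # action in the same repository, versioned with the workflow
    if ref.startswith("docker://"):
        return "pinned" if "@sha256:" in ref else "unpinned"
    _, sep, rev = ref.partition("@")
    # Tags and branches can be moved; only a full-length commit SHA is immutable.
    return "pinned" if sep and FULL_SHA_RE.fullmatch(rev) else "unpinned"

def audit(workflow_text):
    """Return (line_number, reference, problem) tuples for one workflow file."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), (m.group(2) or "").strip()
        status = classify(ref)
        if status == "unpinned":
            findings.append((lineno, ref, "not pinned to a full commit SHA"))
        elif status == "pinned" and not comment:
            findings.append((lineno, ref, "pinned, but no version comment"))
    return findings

# Constructed sample workflow (not taken from the repository).
SAMPLE = """\
jobs:
  build:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
      - uses: actions/cache/restore@cdf6c1fa76f9f475f3d7449005a359c84ca0f306
      - uses: softprops/action-gh-release@v2
      - uses: example-org/example-action@abc1234 # short SHA, placeholder
      - name: Local action
        uses: ./.github/actions/setup
  reuse:
    uses: example-org/example-repo/.github/workflows/build.yml@main
"""

if __name__ == "__main__":
    for lineno, ref, problem in audit(SAMPLE):
        print(f"line {lineno}: {ref}: {problem}")
```

Run over every file under `.github/workflows/` in CI, a non-empty result can fail the build so that a later edit cannot quietly reintroduce a tag reference.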

@tintinhamans tintinhamans changed the title from "github: Update GitHub Actions to latest versions" to "ci(actions): Update GitHub Actions to latest versions" March 2, 2026
Signed-off-by: tintinhamans <5984296+tintinhamans@users.noreply.github.com>
@tintinhamans tintinhamans force-pushed the arctic/gitlab-actions-update branch from 6fb4bf9 to b87d91a March 2, 2026 13:53
@tintinhamans tintinhamans deleted the arctic/gitlab-actions-update branch March 2, 2026 14:13

Development

Successfully merging this pull request may close these issues.

GitHub workflow actions hardening