
ci(actions): Update GitHub Actions to latest versions #2377

Open
tintinhamans wants to merge 7 commits into TheSuperHackers:main from tintinhamans:arctic/github-actions-update

Conversation

@tintinhamans

This pull request updates all GitHub Actions used in the project's workflow YAML files to use exact commit SHA references instead of version tags. This change improves security and reliability by ensuring that workflows always use the intended action versions, preventing unexpected updates or changes from upstream maintainers.

Closes #779

The most important changes are:

Security and Reliability Improvements:

  • Updated all actions/checkout steps to use an explicit commit SHA (de0fac2e4500dabe0009e67214ff5f5447ce83dd for v6.0.2) instead of the @v4 tag across all workflow files.
  • Updated all uses of actions/cache, actions/cache/restore, and actions/cache/save to use commit SHA (cdf6c1fa76f9f475f3d7449005a359c84ca0f306 for v5.0.3) instead of @v4.
  • Updated all actions/upload-artifact and actions/download-artifact steps to use exact commit SHAs (bbbca2ddaa5d8feaa63e36b76fdaad77386f024f for upload v7.0.0, 70fc10c6e5e1ce46ad2ea6f2b72d43f7d47b13c3 for download v8.0.0) instead of version tags.
  • Updated softprops/action-gh-release to use a specific commit SHA (a06a81a03ee405af7f2048a818ed3f03bbf83c7b for v2.5.0) instead of @v2.
  • Updated other third-party actions (dorny/paths-filter, ilammy/msvc-dev-cmd, lukka/run-vcpkg) to use commit SHAs instead of tags, ensuring consistent and secure action execution.

These updates help lock down the CI/CD pipeline against upstream changes and improve build reproducibility.

Signed-off-by: tintinhamans <5984296+tintinhamans@users.noreply.github.com>
@tintinhamans tintinhamans requested a review from bobtista March 2, 2026 14:18
@greptile-apps

greptile-apps bot commented Mar 2, 2026

Greptile Summary

This PR updates all GitHub Actions to use commit SHAs instead of version tags for improved security and reproducibility, while also upgrading several actions to newer major versions.

Major Changes:

  • Converted all action references from version tags (e.g., @v4) to exact commit SHAs with version comments
  • Upgraded actions/checkout from v4 to v6.0.2 (2 major versions)
  • Upgraded actions/cache and variants from v4 to v5.0.3
  • Upgraded actions/upload-artifact from v4 to v7.0.0 (3 major versions)
  • Upgraded actions/download-artifact from v4 to v8.0.0 (4 major versions)
  • Updated other third-party actions (dorny/paths-filter, ilammy/msvc-dev-cmd, lukka/run-vcpkg, softprops/action-gh-release) to latest versions

Key Observations:

  • All SHA references are applied consistently across all workflow files
  • The artifact actions (upload v7 + download v8) are used together within the same workflow runs, which should be compatible as they're companion actions
  • Major version upgrades for checkout and artifact actions may include breaking changes that should be verified through testing
  • All changes are mechanical replacements with clear version annotations

Confidence Score: 4/5

  • This PR is generally safe to merge but involves significant version upgrades that should be validated through CI/CD testing
  • The SHA pinning approach is a security best practice and all changes are applied consistently. However, the score is 4 rather than 5 because the PR combines SHA pinning with major version upgrades (v4→v6 for checkout, v4→v7/v8 for artifacts) which could potentially introduce breaking changes. The changes are well-structured and mechanical, but the major version jumps warrant verification that all workflows still function correctly.
  • Pay attention to .github/workflows/build-historical.yml, .github/workflows/build-toolchain.yml, and .github/workflows/weekly-release.yml as they handle artifact upload/download with the new v7/v8 versions and should be tested to ensure artifact compatibility across jobs.

Important Files Changed

  • .github/workflows/build-historical.yml: Updated 5 actions to use commit SHAs: checkout (v4→v6.0.2), cache (v4→v5.0.3), upload-artifact (v4→v7.0.0), download-artifact (v4→v8.0.0), gh-release (v2→v2.5.0)
  • .github/workflows/build-toolchain.yml: Updated 6 actions with SHAs including major version jumps for checkout, cache, artifacts, msvc-dev-cmd, and run-vcpkg
  • .github/workflows/weekly-release.yml: Updated checkout, download-artifact, and gh-release actions to use commit SHAs with major version upgrades

Last reviewed commit: b87d91a


Development

Successfully merging this pull request may close these issues.

GitHub workflow actions hardening
