fix(deps): update github-actions

[renovate]

This PR contains the following updates:

Package	Type	Update	Change
actions/checkout	action	patch	v6.0.2 → v6.0.3
anolilab/workflows (changelog)	action	digest	20b8733 → 5b340a2
anolilab/workflows (changelog)	action	digest	5b10e6a → d7d8471

---

Warning

Some dependencies could not be looked up. Check the Dependency Dashboard for more information.

---

Release Notes

actions/checkout (actions/checkout)

v6.0.3

Compare Source

• Fix checkout init for SHA-256 repositories by @​yaananth in #​2439
• fix: expand merge commit SHA regex and add SHA-256 test cases by @​yaananth in #​2414

---

Configuration

📅 Schedule: (in timezone Europe/Berlin)

• Branch creation
  • "after 10:00 before 19:00 every weekday except after 13:00 before 14:00"
• Automerge
  • At any time (no schedule defined)

🚦 Automerge: Enabled.

♻ Rebasing: Whenever PR is behind base branch, or you tick the rebase/retry checkbox.

👻 Immortal: This PR will be recreated if closed unmerged. Get config help if that's undesired.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.

[github-actions]

Thank you for following the naming conventions! 🙏

[prisis]

Forward parts applied to main: # main reusables + step/setup -> d7d8471 and actions/checkout -> v6.0.3. The codeql/dependency-review/lint/scorecards/test/zizmor bumps to 5b340a2 are skipped: 5b340a2 is older than main's current 20b8733/1dc687e pins and predates the actionlint pnpm-catalog mitigation, so it's a downgrade. Recurs because those # v15.3.1+ workflows are pinned to main-branch SHAs ahead of the latest release tag; durable fix is a new anolilab/workflows release tag at d7d8471.