Update various GitHub Actions for security updates

[chabala]

@dependabot opened issue #27 on Sept 3rd to update https://github.com/actions/download-artifact from v3 to v4.1.7.

But curiously, it didn't mention updating actions/upload-artifact@v3, which is also based on actions/artifact.

It also didn't mention the reason for the update: GHSA-cxww-7g56-2vh6

actions/[email protected] contains actions/[email protected] which resolves the path traversal issue.

It also fixes a more serious issue, leaking tokens in hidden files in artifacts:

• https://unit42.paloaltonetworks.com/github-repo-artifacts-leak-tokens/ (Published:13 August 2024)
• https://github.blog/changelog/2024-08-19-notice-of-upcoming-deprecations-and-breaking-changes-in-github-actions-runners/

Other reasons for moving to v4:

• https://github.blog/changelog/2023-12-14-github-actions-artifacts-v4-is-now-generally-available/
• https://github.blog/changelog/2024-04-16-deprecation-notice-v3-of-the-artifact-actions/

[sonarcloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarCloud

[coveralls]

coverage: 67.223%. remained the same
when pulling aab23e3 on github-actions-update
into 3e74c25 on master.

[chabala]

SonarQube & Coveralls both complained the git tree was missing from the downloaded actions artifact: https://github.com/chabala/brick-control-lab/actions/runs/11317259280

Rather than set include-hidden-files: true and try to ensure .git is added, but not other hidden files that I don't even know about, it seems simpler to do another clean checkout in the SonarQube/Coveralls jobs and extract the actions artifact on top.