ci: tighten security of checkout action

Author: foosel

.github/workflows/build.yml

@@ -11,7 +11,9 @@ jobs:
     name: 🔨 Build distribution
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: 🏗 Set up Python 3.10
         uses: actions/setup-python@v5
         with:
@@ -25,7 +27,9 @@ jobs:
     name: 🧹 Pre-commit
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: 🏗 Set up Python 3.10
         uses: actions/setup-python@v5
         with:
@@ -45,7 +49,9 @@ jobs:
         python: ["3.7", "3.8", "3.9", "3.10", "3.11", "3.12", "3.13"]
     runs-on: ubuntu-22.04 # change back to ubuntu-latest once we drop Python 3.7
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
+        with:
+          persist-credentials: false
       - name: 🏗 Set up Python ${{ matrix.python }}
         uses: actions/setup-python@v5
         with: