🐛 fix: update workflows

[jschoone]

What this PR does / why we need it:

Which issue(s) this PR fixes (optional, in fixes #<issue number>(, fixes #<issue_number>, ...) format, will close the issue(s) when PR gets merged):
Fixes #

Special notes for your reviewer:

Please confirm that if this PR changes any image versions, then that's the sole change this PR makes.

TODOs:

• squash commits
• include documentation
• add unit tests

[garloff]

Ah, this supercedes #339. Too bad I had not seen this one, sorry. So I merged ...

[garloff]

Code QL reports that verify shellcheck is risky...

Step 1 Uses Step (Source)

.github/workflows/pr-verify.yml:18
with:
github_token: ${{ secrets.GITHUB_TOKEN }}

  - name: Checkout repository
    uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
    with:
      ref: ${{ github.event.pull_request.head.sha }}

  - name: Verify Shellcheck
    run: make verify-shellcheck

Step 2 Run Step (Sink)

.github/workflows/pr-verify.yml:23
with:
ref: ${{ github.event.pull_request.head.sha }}

  - name: Verify Shellcheck
    run: make verify-shellcheck

Potential cache poisoning in the context of the default branch due to privilege checkout of untrusted code. (pull_request_target).

[garloff]

The other question is whether we want to allow :seedling: instead of 🌱 etc?