Reduce checkout version

[nathro]

Update actions/checkout pin to v4.0.0

This PR downgrades the GitHub Actions actions/checkout used by our composite action to v4.0.0 (commit SHA pin) to address compatibility and policy alignment concerns.

Key changes

• Downgrade actions/checkout from v4.2.2 to v4.0.0, pinned by commit (1e31de5…) for supply‑chain safety
• Continue using a commit SHA rather than a tag to maintain immutability
• Applies only to the composite action step that checks out the PR head; no production/runtime code is affected

Context

• Tracks rationale discussed in Augment Agent issue Fix multiline custom guidelines #2: Not possible to use augmentcode/augment-agent action from github enterprise Version 3.13.11 augment-agent#2

Risk and impact

• Low risk: CI-only change; behavior remains functionally equivalent for checkout of PR heads
• Easy rollback: revert to prior pinned SHA (11bd719…, v4.2.2) if needed

---

🤖 This description was generated automatically. Please react with 👍 if it's helpful or 👎 if it needs improvement.

[github-actions]

Change looks good. One small hardening tweak to consider for the checkout step.

---

🤖 Automated review complete. Please react with 👍 or 👎 on the individual review comments to provide feedback on their usefulness.

[github-actions]

Consider adding persist-credentials: false to the checkout step to avoid writing the token to the local git config. This follows least-privilege best practices and is recommended when the workflow doesn’t need to push back to the repo.