Don't persist credentials after using actions/checkout

See: https://docs.zizmor.sh/audits/#artipacked

Author: mpkorstanje

.github/workflows/release-github.yaml

@@ -13,6 +13,8 @@ jobs:
       contents: write
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - uses: cucumber/action-create-github-release@cf2c6f77ba35d2424362e83393a1c4c004cf2ddb # v1.1.1
         with:
           github-token: ${{ secrets.GITHUB_TOKEN }}

.github/workflows/release-ruby.yaml

@@ -12,6 +12,8 @@ jobs:
     environment: Release
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - uses: cucumber/action-publish-rubygem@d8918cbdee789cfc78f346a96a59596b87795be1 # v1.0.0
         with:
           rubygems_api_key: ${{ secrets.RUBYGEMS_API_KEY }}

.github/workflows/test.yaml

@@ -26,6 +26,8 @@ jobs:
     runs-on: ${{ matrix.os }}
     steps:
       - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+        with:
+          persist-credentials: false
       - uses: ./.github/actions/test-ruby
         with:
           ruby-version: ${{ matrix.ruby }}