
Conversation

Contributor

Copilot AI commented Sep 13, 2025

This PR implements security best practices by pinning GitHub Actions dependencies to specific commit SHAs, updates the deprecated wrapper validation action, and optimizes the Dependabot update schedule as requested in the issue.

Changes Made

GitHub Actions Pinning

All GitHub Actions dependencies have been pinned with their commit SHAs and inline version comments for easy tracking:

  • actions/setup-java@v4 → actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
  • actions/checkout@v5 → actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
  • gradle/wrapper-validation-action@v3 → gradle/actions/wrapper-validation@d9c87d481d55275bb5441eef3fe0e46805f9ef70 # v3.5.0
  • gradle/actions/setup-gradle@v4 → gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a # v4.4.3
  • gradle/gradle-build-action@v3 → gradle/gradle-build-action@ac2d340dc04d9e1113182899e983b5400c17cda1 # v3.5.0
  • dependabot/fetch-metadata@v2 → dependabot/fetch-metadata@08eff52bf64351f401fb50d4972fa95b9f2c2d1b # v2.4.0

Wrapper Validation Action Updates

  • Updated deprecated action: Replaced gradle/wrapper-validation-action with gradle/actions/wrapper-validation in the dedicated validation workflow
  • Optimized CI workflow: Removed redundant wrapper validation step from ci.yml since setup-gradle@v4 automatically includes wrapper validation
  • Maintained separation of concerns: Kept dedicated gradle-wrapper-validation.yml workflow for explicit validation

SHA Authenticity Verification

The commit SHAs can be verified at the following URLs:

Dependabot Configuration Updates

Updated .github/dependabot.yml to:

  • Change GitHub Actions update schedule from daily to weekly
  • Group all GitHub Actions dependencies into a single "github-actions" group
  • This will generate one consolidated PR per week for all GitHub Actions updates instead of individual PRs

Benefits

  • Enhanced Security: Pinned SHAs prevent supply chain attacks through compromised action versions
  • Improved Maintainability: Version comments make it easy to track what version each SHA represents
  • Reduced PR Noise: Weekly grouped updates instead of daily individual updates
  • Modernized Actions: Updated to use current, supported wrapper validation action
  • Optimized Performance: Removed duplicate validation steps while maintaining security
  • Consistency: Aligns with security practices used in other assertj repositories

All workflows have been validated and builds pass successfully.

Fixes #230.


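As an added illustration (not code from this PR or the repository it targets), the following Python audit shows the check a reviewer would run over a workflow before and after a change like this one: it flags every `uses:` reference that is not pinned to a full 40-hex commit SHA, every pinned reference that lacks the inline `# vX.Y.Z` comment the PR uses for tracking, and the deprecated `gradle/wrapper-validation-action` that the PR replaces. For each pinned reference it also builds the `https://github.com/OWNER/REPO/commit/SHA` URL at which the SHA can be confirmed to belong to the action's repository; nothing is fetched. The sample workflow text is constructed for the example and borrows two of the SHAs listed above; the `DEPRECATED` mapping and the sample step names are assumptions for the demonstration.

```python
"""Audit GitHub Actions `uses:` references for commit-SHA pinning.

Added example; not code from this PR or the project it targets.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# A full commit SHA is immutable; a tag or branch can be moved by anyone
# who controls (or compromises) the action's repository.
FULL_SHA_RE = re.compile(r"[0-9a-f]{40}")

# Matches "- uses: owner/repo@ref  # v1.2.3" (the "- " and the comment are optional).
USES_RE = re.compile(r"^\s*(?:-\s*)?uses:\s*([^\s#]+)(?:\s*#\s*(\S+))?")

# Replacement mapping taken from the PR description; extend as needed (assumption).
DEPRECATED = {
    "gradle/wrapper-validation-action": "gradle/actions/wrapper-validation",
}


@dataclass
class ActionRef:
    line_no: int
    action: str             # owner/repo or owner/repo/subpath
    ref: str                # tag, branch or commit SHA after the '@'
    comment: Optional[str]  # text after '#', e.g. "v4.7.1"

    @property
    def pinned(self) -> bool:
        return FULL_SHA_RE.fullmatch(self.ref) is not None

    @property
    def commit_url(self) -> Optional[str]:
        """Page on which a human can confirm the SHA exists in the action's repo."""
        if not self.pinned:
            return None
        owner, repo = self.action.split("/")[:2]
        return f"https://github.com/{owner}/{repo}/commit/{self.ref}"


def parse_uses(workflow_text: str) -> List[ActionRef]:
    """Extract every remote action reference from a workflow file's text."""
    refs: List[ActionRef] = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group(1).strip("'\"")
        # Local actions and docker images have no GitHub commit to pin to.
        if target.startswith("./") or target.startswith("docker://") or "@" not in target:
            continue
        action, ref = target.split("@", 1)
        refs.append(ActionRef(line_no, action, ref, m.group(2)))
    return refs


def audit(workflow_text: str) -> List[Tuple[int, str]]:
    """Return (line number, message) for each reference that needs attention."""
    findings: List[Tuple[int, str]] = []
    for r in parse_uses(workflow_text):
        if r.action in DEPRECATED:
            findings.append((r.line_no, f"{r.action} is deprecated; use {DEPRECATED[r.action]}"))
        if not r.pinned:
            findings.append((r.line_no, f"{r.action}@{r.ref} is a mutable ref; pin to a 40-hex commit SHA"))
        elif not r.comment:
            findings.append((r.line_no, f"{r.action}@{r.ref} is pinned but has no '# vX.Y.Z' comment"))
    return findings


# Constructed sample workflow (not the repository's real ci.yml).
SAMPLE_WORKFLOW = """\
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v5
      - uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
      - uses: gradle/wrapper-validation-action@v3
      - uses: gradle/actions/setup-gradle@ed408507eac070d1f99cc633dbcf757c94c7933a
      - uses: ./.github/actions/local-thing
      - run: ./gradlew build
"""

if __name__ == "__main__":
    for line_no, msg in audit(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {msg}")
    for ref in parse_uses(SAMPLE_WORKFLOW):
        if ref.commit_url:
            print(f"verify {ref.action} at {ref.commit_url}")
```

Run against the sample, the audit reports the unpinned `actions/checkout@v5`, the deprecated and unpinned wrapper-validation action, and the pinned `setup-gradle` step that is missing its version comment, while the local action is ignored. Wiring `audit()` into a pre-commit hook or a CI job keeps the pinning from silently regressing the next time a step is added by hand.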

Contributor Author

Copilot AI commented Sep 13, 2025

@scordio 👋 This repository doesn't have Copilot instructions. With Copilot instructions, I can understand the repository better, work faster and produce higher quality PRs.

I can generate a .github/copilot-instructions.md file for you automatically. Click here to open a pre-filled issue and assign it to me. I'll write the instructions, and then tag you for review.

…t config

Co-authored-by: scordio <26772046+scordio@users.noreply.github.com>
Copilot AI changed the title [WIP] Pin GitHub Actions dependencies, switch to weekly update schedule Pin GitHub Actions dependencies, switch to weekly update schedule Sep 13, 2025
Copilot AI requested a review from scordio September 13, 2025 08:46
Co-authored-by: scordio <26772046+scordio@users.noreply.github.com>
Copilot AI changed the title Pin GitHub Actions dependencies, switch to weekly update schedule Pin GitHub Actions dependencies, update wrapper validation action, optimize workflows Sep 13, 2025
Copilot AI requested a review from scordio September 13, 2025 09:11
@scordio scordio marked this pull request as ready for review September 13, 2025 10:18
@scordio scordio merged commit c6d71bc into main Sep 13, 2025
30 checks passed
@scordio scordio deleted the copilot/fix-230 branch September 13, 2025 10:19
Development

Successfully merging this pull request may close these issues.

Pin GitHub Actions dependencies, switch to weekly update schedule