feat: improve GitHub workflows specs #2158

Closed
shakaran wants to merge 1 commit into doctrine:4.0.x from shakaran:feat/improve-github-workflows-specs

@shakaran
Contributor

@shakaran shakaran commented Dec 4, 2025

Improvements to GitHub Actions Workflows

This PR introduces enhancements to all workflows in .github/workflows to boost efficiency, security, and robustness, following GitHub Actions best practices.

Changes Made

1. Concurrency

  • What: Added concurrency with group: ${{ github.workflow }}-${{ github.ref }} and cancel-in-progress: true in workflows triggered by PR/push.
  • Why: Cancels previous runs on the same branch/PR, reducing CI/CD costs and preventing unnecessary builds. Enhances efficiency in repositories with high activity.

2. Permissions

  • What: Defined explicit minimal permissions (e.g., contents: read, checks: write, pull-requests: write) in each workflow.
  • Why: Adheres to the 'least privilege' principle for security. Prevents unauthorized access and aligns with GitHub security standards.

3. Timeouts

  • What: Added timeout-minutes to long-running jobs (10 min for PHPUnit, 5 min for upload coverage).
  • Why: Prevents hanging executions that consume resources. Ensures workflows fail quickly if issues occur, improving reliability.

4. Additional Triggers

  • What: Added workflow_dispatch in composer-lint.yml and release-on-milestone-closed.yml.
  • Why: Enables manual executions for debugging or controlled releases, adding flexibility without depending solely on automatic events.

5. Other Optimizations

  • What: In continuous-integration.yml, added fail_ci_if_error: false to the Codecov action.
  • Why: Avoids CI failures from coverage upload errors (e.g., network issues), allowing the build to proceed if coverage fails.

Affected Workflows

  • coding-standards.yml
  • composer-lint.yml
  • continuous-integration.yml
  • documentation.yml
  • release-on-milestone-closed.yml
  • static-analysis.yml
  • test-dev-stability.yml
  • website-schema.yml

Impact

  • Efficiency: Reduction in execution time and costs.
  • Security: Lower risk of unauthorized access.
  • Maintainability: More robust and auditable workflows.
  • Compatibility: Does not break existing functionality; all changes are additive.

These changes follow recommended best practices for GitHub Actions and require no updates to external dependencies.
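
Added example (not part of the PR or the doctrine repository): a small Python check that flags workflows lacking the settings the description lists, namely a concurrency group, explicit permissions, and per-job timeout-minutes. The sample workflow is constructed, and the parser assumes block-style YAML with 2-space indentation instead of using a full YAML library.

```python
import re

# Constructed sample workflow for illustration; not a file from the repository.
SAMPLE = """\
name: CI
on:
  pull_request:
  push:
permissions:
  contents: read
jobs:
  phpunit:
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v4
  upload-coverage:
    runs-on: ubuntu-latest
    steps:
      - run: echo "upload coverage"
"""

KEY = re.compile(r"^( *)([\w-]+):")  # mapping keys only; skips list items and comments

def audit_workflow(text):
    """Return findings for one workflow file (assumes 2-space block-style YAML)."""
    top, jobs, in_jobs, job = set(), {}, False, None
    for line in text.splitlines():
        m = KEY.match(line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2)
        if indent == 0:            # top-level key: name, on, permissions, jobs, ...
            top.add(key)
            in_jobs, job = key == "jobs", None
        elif in_jobs and indent == 2:   # a job id under jobs:
            job = key
            jobs[job] = set()
        elif in_jobs and indent == 4 and job is not None:  # a key of that job
            jobs[job].add(key)
    findings = []
    if "concurrency" not in top:
        findings.append("workflow: no concurrency group")
    for name, keys in jobs.items():
        if "permissions" not in top and "permissions" not in keys:
            findings.append(f"job {name}: no explicit permissions")
        if "timeout-minutes" not in keys:
            findings.append(f"job {name}: no timeout-minutes")
    return findings
```

Calling `audit_workflow(SAMPLE)` reports the missing concurrency group and the job without a timeout; an empty list means all three settings are present.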

@ostrolucky
Member

This looks like AI slop. We don't really need these changes.

@shakaran
Contributor Author

shakaran commented Dec 4, 2025

> This looks like AI slop. We don't really need these changes.

I just use Copilot to easily generate the description of the PR. I think the concurrency, timeouts, permissions and other changes are pretty useful, but if you want these changes partially or fully, as you see fit, I can modify it.

@ostrolucky
Member

Let's do without for now. We may reconsider at some point.

@ostrolucky ostrolucky closed this Dec 4, 2025