Migrate GitHub Pages deployment to official first-party actions

[Copilot]

Replaces peaceiris/actions-gh-pages@v3 with official GitHub Pages actions to address code scanning alert #69 and align with GitHub's recommended deployment pattern.

Changes

• Workflow structure: Split into separate build and deploy jobs following first-party action requirements
• Permissions: Declared at workflow level (contents: read, pages: write, id-token: write) instead of job level
• Deployment: Uses actions/upload-pages-artifact@v3 + actions/deploy-pages@v4 with OIDC authentication
• Concurrency control: Added pages group to prevent simultaneous deployments

Migration details

Before:

- name: GitHub Pages action
  uses: peaceiris/actions-gh-pages@v3
  with:
    github_token: ${{ secrets.GITHUB_TOKEN }}
    publish_branch: gh-pages
    publish_dir: toPublish

After:

# Build job
- name: Upload artifact
  uses: actions/upload-pages-artifact@v3
  with:
    path: toPublish

# Deploy job (separate)
- name: Deploy to GitHub Pages
  uses: actions/deploy-pages@v4

The official actions use implicit GITHUB_TOKEN with declared permissions rather than explicit token passing.

---

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

[gfs]

Superceded by #391