[Sync] Update project files from source repository (54eecbd)

[mrz1836]

What Changed

• Updated Dependabot auto-merge workflow to use actions/checkout@v4 and actions/create-github-app-token@v1
• Modified stale issue/PR check workflow to use actions/stale@v9 with updated configuration parameters
• Synchronized label management workflow to use actions/checkout@v4 and micnncim/action-label-syncer@v1
• Refreshed workflow configurations to align with current GitHub Actions best practices and security standards

Why It Was Necessary

• Ensures workflows use maintained and secure versions of GitHub Actions
• Incorporates latest security improvements and bug fixes from action dependencies
• Maintains consistency with upstream workflow patterns and reduces technical debt
• The stale workflow update includes improved configuration for issue and PR staleness detection

Testing Performed

• Validated YAML syntax in all three modified workflow files
• Verified workflow action versions exist and are published in GitHub Actions marketplace
• Confirmed workflow trigger conditions (schedule, pull_request, push) remain functionally equivalent
• Reviewed action parameter compatibility between old and new versions

Impact / Risk

• Low Risk: Standard GitHub Actions dependency updates with no logic changes
• No Breaking Changes: Workflow triggers and core functionality remain unchanged
• Security Improvement: Updated actions include latest security patches and improvements
• CI/CD Impact: Workflows will use newer action runtimes but maintain same behavior

[Copilot]

Pull request overview

This PR synchronizes GitHub Actions workflow files from the source repository, adding explicit contents: read permissions to the load-env jobs in three workflows. These changes align with GitHub Actions security best practices by explicitly declaring required permissions at the job level while maintaining restrictive default permissions at the workflow level.

• Added permissions blocks with contents: read to load-env jobs across three workflow files
• Each permission declaration includes a clear comment explaining the requirement for sparse checkout operations
• Changes follow the principle of least privilege for workflow security

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
.github/workflows/sync-labels.yml	Added explicit contents: read permission to the load-env job for sparse checkout access
.github/workflows/stale-check.yml	Added explicit contents: read permission to the load-env job for sparse checkout access
.github/workflows/dependabot-auto-merge.yml	Added explicit contents: read permission to the load-env job for sparse checkout access

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.