[Sync] Update project files from source repository (42bf6a9)

[mrz1836]

What Changed

• Updated MAGE_X_VERSION from v1.18.6 to v1.18.7
• Updated MAGE_X_NANCY_VERSION from v1.0.52 to v1.2.0
• Updated NANCY_VERSION from v1.0.52 to v1.2.0
• Updated GO_PRE_COMMIT_VERSION from v1.5.1 to v1.5.2
• Added new Guardian CI Testing Framework configuration section with feature toggle (ENABLE_CI_GUARDIAN=false) and tool version definitions (GUARDIAN_ACT_VERSION=v0.2.84, GUARDIAN_ACTIONLINT_VERSION=v1.7.10, GUARDIAN_GO_SARIF_VERSION=v3.3.0)

Why It Was Necessary

• Upgrade to latest MAGE-X release to incorporate bug fixes and improvements
• Update Nancy security scanning tool to latest major version for improved vulnerability detection
• Add Guardian CI Testing Framework infrastructure to support future CI workflow validation capabilities

Testing Performed

• Verified .github/.env.base configuration file syntax is valid
• Confirmed version numbers match official release tags from respective repositories
• Validated that Guardian CI framework is disabled by default to ensure no disruption to existing workflows

Impact / Risk

• Breaking Change: None - Guardian CI framework is disabled by default (ENABLE_CI_GUARDIAN=false)
• Risk: Low - dependency version bumps are incremental except Nancy (major version update from v1.0.52 to v1.2.0)
• Impact: Nancy major version update may have different scanning behavior; pre-commit and MAGE-X updates bring latest tooling improvements

[Copilot]

Pull request overview

Sync update bringing CI tooling/config in line with upstream, primarily via pinned-version bumps and incremental workflow enhancements (improved failure context reporting and optional PAT support), plus new Guardian CI framework configuration defaults.

Changes:

• Bump pinned tool/action versions (MAGE-X, Nancy, go-pre-commit, CodeQL action).
• Enhance GoFortress reusable workflows to accept an optional GH PAT and to pass richer failure context into the cancellation action.
• Update caching behavior in the Go setup composite action to use actions/cache@v4 directly and extend .env configuration with Guardian CI settings (disabled by default).

Reviewed changes

Copilot reviewed 13 out of 13 changed files in this pull request and generated 2 comments.

Show a summary per file

File	Description
.github/workflows/scorecard.yml	Bumps pinned github/codeql-action/upload-sarif digest/version.
.github/workflows/fortress.yml	Updates GoFortress header version/release date comment.
.github/workflows/fortress-test-suite.yml	Adds optional GH_PAT_TOKEN secret and forwards it for downstream workflow GitHub API usage.
.github/workflows/fortress-test-matrix.yml	Passes detailed failure context into the cancellation action on failure.
.github/workflows/fortress-test-fuzz.yml	Passes detailed failure context into the cancellation action on failure.
.github/workflows/fortress-security-scans.yml	Passes detailed failure context into the cancellation action for Nancy/govulncheck/gitleaks failures.
.github/workflows/fortress-pre-commit.yml	Passes detailed failure context into the cancellation action on failure.
.github/workflows/fortress-coverage.yml	Adds optional GH_PAT_TOKEN secret and uses it (fallback to GITHUB_TOKEN) for GitHub API interactions.
.github/workflows/fortress-code-quality.yml	Passes detailed failure context into the cancellation action across code-quality jobs.
.github/workflows/codeql-analysis.yml	Bumps pinned CodeQL action digests/versions (init/autobuild/analyze).
.github/actions/setup-go-with-cache/action.yml	Switches cache steps to actions/cache@v4 (restore+save) and renames steps accordingly.
.github/actions/cancel-workflow-on-failure/action.yml	Adds optional failure-context inputs and expands job summary output.
.github/.env.base	Bumps tool versions and adds Guardian CI framework configuration (disabled by default).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.