Sanitize the limit query parameter value by casting to int,
preventing potential XSS injection via malicious query strings.

Refs #19172

Bumps [actions/cache](https://github.com/actions/cache) from 4 to 5.
- [Release notes](https://github.com/actions/cache/releases)
- [Changelog](https://github.com/actions/cache/blob/main/RELEASES.md)
- [Commits](actions/cache@v4...v5)

---
updated-dependencies:
- dependency-name: actions/cache
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

…ons/cache-5

Bump actions/cache from 4 to 5

PaginatorHelper::limitControl() will use the current request parameters
to generate hidden inputs but was not correctly encoding input name
attributes.

Fixes #19172

Apply rector fixes:
- Remove @return void from __clone(), __construct(), __destruct() magic methods
- Combine nested if statements in PluginAssetsTrait

Fix PHPStan issue:
- Remove redundant `if (!$copy)` check in PluginAssetsTrait::_process()
  that was always true after the preceding `if ($copy) { ... continue; }` block

Fix CI failures: rector and phpstan issues

Fix missing HTML escaping in PaginatorHelper

…19183)

When rendering a template from a plugin controller using the syntax
`$this->render('PluginName.Controller/custom_file')`, the framework was
generating an incorrect path with a duplicated controller directory.

Before fix: `templates/Controller/Controller/custom_file.php`
After fix: `templates/Controller/custom_file.php`

This restores the conditional check from CakePHP 5.2 that prevented the
unwanted path concatenation when working with plugin templates where
templatePath equals name.

Fixes #19180