feat: scan jobs.<job>.uses when checking workflow actions #57

Merged: joshjohanning merged 2 commits into joshjohanning:main from Wuodan:upstream-PR/scan-job-uses on Apr 10, 2026

@Wuodan Wuodan commented Apr 7, 2026

Contributor

This change scans jobs.<job>.uses references in addition to step-level uses references.

Without this, reusable workflows referenced at the job level are skipped, which leaves a coverage gap for third-party action checks.

Test workflows:

Validation run with this PR branch:

Copilot AI left a comment

Contributor


Pull request overview

This PR closes a workflow-scanning gap by extracting uses: references defined at the job level (jobs.<job>.uses) in addition to step-level uses, ensuring reusable workflows are included in immutable reference checks.

Changes:

  • Added a shared addParsedAction() helper to centralize parsing/metadata attachment for uses references.
  • Updated workflow extraction to include jobs.<job>.uses (reusable workflows) alongside step uses.
  • Bumped package version and expanded Jest coverage to validate reusable-workflow extraction behavior.

Show a summary per file

| File | Description |
| --- | --- |
| src/index.js | Refactors action extraction and adds scanning for jobs.<job>.uses reusable workflow references. |
| __tests__/index.test.js | Adds/updates tests to assert reusable workflows are extracted correctly (including jobs with only uses). |
| package.json | Bumps version to reflect behavior change. |
| package-lock.json | Syncs lockfile version metadata with the package bump. |
| badges/coverage.svg | Updates coverage badge after test additions. |

Copilot's findings

  • Files reviewed: 3/5 changed files
  • Comments generated: 0
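
The coverage gap this PR describes, as an added JavaScript example (not the action's own src/index.js): a scanner that only walks `steps` never sees a job whose only key is `uses`. The workflow object, the names `parseUses`, `extractUses` and `unpinned`, and the rule that a full 40-character commit SHA counts as pinned are assumptions of this example, not the action's immutability check.

```javascript
// Added example, not the project's code. `workflow` is constructed sample data
// standing in for an already-parsed .github/workflows/*.yml file.
const workflow = {
  jobs: {
    build: {
      steps: [
        { uses: 'actions/checkout@v4' },
        { uses: 'actions/setup-node@0123456789abcdef0123456789abcdef01234567' }, // constructed SHA
        { run: 'npm test' },
        { uses: './.github/actions/local' },
      ],
    },
    // Reusable workflow call: the job has `uses` and no `steps` array at all.
    deploy: { uses: 'example-org/shared/.github/workflows/deploy.yml@main' },
  },
};

const FULL_SHA = /^[0-9a-f]{40}$/i; // assumption: only a full commit SHA is "pinned"

// Hypothetical helper: classify one `uses` value and record where it was found.
function parseUses(uses, job, kind) {
  if (typeof uses !== 'string') return null;
  // Local paths and container images are not third-party repository references.
  if (uses.startsWith('./') || uses.startsWith('docker://')) return null;
  const at = uses.lastIndexOf('@');
  if (at === -1) return null;
  const ref = uses.slice(at + 1);
  return { uses, job, kind, ref, pinned: FULL_SHA.test(ref) };
}

// Collect step-level references, plus job-level ones when includeJobUses is true.
function extractUses(wf, { includeJobUses = true } = {}) {
  const found = [];
  for (const [name, job] of Object.entries(wf?.jobs ?? {})) {
    if (!job || typeof job !== 'object') continue;
    if (includeJobUses) found.push(parseUses(job.uses, name, 'job'));
    for (const step of Array.isArray(job.steps) ? job.steps : []) {
      found.push(parseUses(step?.uses, name, 'step'));
    }
  }
  return found.filter(Boolean);
}

// References that would fail the example's pinning rule.
const unpinned = (wf, opts) =>
  extractUses(wf, opts).filter(a => !a.pinned).map(a => a.uses);
```

With `includeJobUses: false` the `deploy` job's mutable `@main` reference is not reported; with the default it is.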

@joshjohanning changed the title from "Scan jobs.<job>.uses when checking workflow actions" to "feat: scan jobs.<job>.uses when checking workflow actions" on Apr 10, 2026
@joshjohanning merged commit 12aadbc into joshjohanning:main on Apr 10, 2026
1 check passed
@github-actions


📦 Draft Release Created

A draft release v2.2.0 has been created for this PR.

🔗 View Draft Release

Next Steps

  • Review the release notes
  • Publish the release to make it permanent

This is an automated reminder from the publish-github-action workflow.

@Wuodan deleted the upstream-PR/scan-job-uses branch on April 19, 2026 09:37