ci: bump remaining Node 20 actions to Node 24 (checkout v6, setup-go v6, golangci v9)

[lucasmundim]

What

Follow-up to #78. That PR bumped only docker-publish.yml's artifact actions; the other four workflows still ran Node-20 actions, producing the "Node.js 20 actions are deprecated" warning on every test / lint / e2e / crd-sync run (e.g. the test.yml run flagged actions/checkout@v4, actions/setup-go@v5).

• actions/checkout @v4 → @v6 — test.yml, test-e2e.yml, lint.yml (×2), helm-crd-sync-check.yml
• actions/setup-go @v5 → @v6 — same four workflows
• golangci/golangci-lint-action @v8 → @v9 — lint.yml

Why these versions / safety

Confirmed each currently-used version is using: node20 and each target is node24 (from their action.yml):

• checkout@v6, setup-go@v6 — pure runtime bumps.
• golangci-lint-action@v9 — its release notes state the only change in scope is node20 → node24, so the existing version: v2.4.0 golangci-lint pin stays valid (no new lint surface).

Already Node 24, left untouched: azure/setup-helm@v5, docker/setup-buildx-action@v4, docker/login-action@v4, and docker-publish.yml's checkout@v6/upload-artifact@v7/download-artifact@v8 (from #78).

After this, no Node-20 action remains in any workflow (grep-verified). The agent repo was already clean.

---

^{Need help on this PR? Tag /codesmith with what you need. Autofix is disabled.}

[leandrobmarinho]

Clean Node-24 action sweep (checkout v4->v6, setup-go v5->v6, golangci-lint-action v8->v9) across the four workflows, pure version swaps (10/10). The only non-trivial bump, golangci-lint-action v9, is safe here because the repo is already on the v2 config (.golangci.yml 'version: "2"') with golangci-lint pinned to v2.4.0 - so the breaking v6->v7 'requires golangci-lint v2' migration was already absorbed and v9 is just the node24 runtime bump. Unlike the digest-merge workflow, these jobs run on GitHub-hosted ubuntu-latest, so the Actions Runner >= 2.327.1 requirement is satisfied, and the Lint and Tests jobs actually run on this PR - both passed green, directly validating golangci v9 + setup-go v6 + checkout v6. (E2E is still completing but uses the same already-validated checkout/setup-go and isn't affected by the bump.) Looks good.

[shingonoide]

Reviewed the Node 24 runtime bumps: actions/checkout v4 to v6, actions/setup-go v5 to v6, and golangci/golangci-lint-action v8 to v9, across lint.yml, test.yml, test-e2e.yml, and helm-crd-sync-check.yml (+10/-10). Verified each new major exists and runs on Node 24, and that the bump is complete: no checkout earlier than v6 or setup-go earlier than v6 remains anywhere under .github/.

The golangci-lint-action v9 step is safe here. Comparing the action manifests at v8 and v9, no inputs were removed (v9 is a strict superset, adding version-file, install-only, debug, and experimental), version stays optional, and the default golangci-lint version is unchanged. This job passes only version: v2.4.0, which matches the repo's .golangci.yml (version: "2" schema), so nothing in the lint step is affected. setup-go v6 reads go-version-file: go.mod (go 1.25.1) with no conflict, and all jobs run on ubuntu-latest, which satisfies the v2.327.1+ runner floor.

Two non-blocking notes:

1. checkout v6 changes where the auth token is persisted (now under RUNNER_TEMP rather than the local git config). No step here reads the credential from git config after checkout, so this is a no-op for these workflows, just worth knowing for any future step that assumes the old location.

2. docker-publish.yml still pins docker/setup-buildx-action@v4, docker/login-action@v4, and azure/setup-helm@v5, which this PR does not touch. If the intent is to clear all remaining Node 20 actions, those are worth a follow-up check.

LGTM.