* Add zimor to checks
* fix format
* use same version of checkout everywhere
* do only persist credentials if needed
* remove duplicate clones
* fix pin syntax
* fix pins
* fix template injection
* another injection fix
* Revert "remove duplicate clones"
This reverts commit 9a00ae2bbb1ef5c6ab5610dd4efc313ec285f12f.
* Add GH token for further rules
* use global pin for requests
* unify on yaml for workflo files
* format workflow files
* pin action versions
* fix pinned version
* use system venv
* switch args
* remove uv for now and add setting for pyyaml
* use requirements file
* also switch on docker flow
* generate hashes
* added hashes to reqs
* add hashes for CI too
* add hash checking
* require hashes everywhere possible
* require hashes where possible in docker
