* Include `pin*` extras in lockfile
* Fix and clean up `devscripts/update_requirements.py`
* Improve release channel documentation
* Remove false statement from `--prefer-insecure` documentation
* Assorted code cleanup
* Set `GH_TELEMETRY=false` in CI/CD whenever `gh` is used
* Add comments about required checks in CI workflows
* Run `test-workflows.yml` for every PR so its checks can be required
* Verify actionlint attestation in CI
* Remove zizmor version to reduce workflow maintenance burden
(zizmor-action handles pinning on its end)
Authored by: bashonly
* Add `pin`, `pin-curl-cffi`, `pin-secretstorage` and `pin-deno` extras
* Check in a `uv.lock` for devs
* Add `devscripts/update_requirements.py` for dependency upgrades
Authored by: bashonly, Grub4K
Co-authored-by: Simon Sawicki <contact@grub4k.dev>
