Dependabot left the version comment as v6.0.2 on the four lines that
carry a trailing `# zizmor: ignore[artipacked]`, since its comment
rewriter only handles a version comment as the last token on the line.
zizmor flagged the resulting hash/comment mismatch. Update every
checkout pin in .github to the v6.0.3 commit and comment at once.

Dependabot Cargo updates directly affect YJIT/ZJIT builds, so these
workflows should run for Cargo dependency PRs. Other dependabot PRs
(GitHub Actions, Vcpkg) are skipped.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

The condition `github.event_name == 'push' && github.event.pull_request.user.login == 'dependabot[bot]'`
was always false because `github.event.pull_request` does not exist
on push events. Simply checking `github.event.pull_request.user.login`
is sufficient as it naturally evaluates to false on non-PR events.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.1 to 6.0.2.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6.0.1...v6.0.2)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.2
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 6.0.0 to 6.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v6...v6.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.1 to 6.0.0.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5.0.1...v6)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 6.0.0
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>

Bumps [actions/checkout](https://github.com/actions/checkout) from 5.0.0 to 5.0.1.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v5...v5.0.1)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: 5.0.1
  dependency-type: direct:production
  update-type: version-update:semver-patch
...

Signed-off-by: dependabot[bot] <support@github.com>

Soft fails like warnings from rustc. The `rustdoc` warnings tend to be
dead links in the markup.

Bumps [actions/checkout](https://github.com/actions/checkout) from 4 to 5.
- [Release notes](https://github.com/actions/checkout/releases)
- [Commits](https://github.com/actions/checkout/compare/v4...v5)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-version: '5'
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>