* CI: reduce default permissions to minimum
* CI: update pin actions
Most of them. CodeQL and action-gh-release is untouched for now.
Immutable actions and actions/* are pinned to version,
other actions are pinned to hash.
* CI: make use of archive: false in upload-artifact
also set compression level and error behavior for scan-build upload.
* CI: update codeql and enable scanning actions
* CI: github attestation for manually started builds
* CI: include appimage zsync in build attestation
* CI: github attestation for Linux release builds
* CI: reorder steps in build.yml
* CI: add windows builds to release.yml
* CI: order jobs in release.yml
* CI: add missing permission to release.yml
* CI: enable windows build in release.yml
* CI: false is skip
* Docs: update min required version
and add comment about security.
* Core: rework python version check
* CI: set min micro update for build and release
* CI: build: fail fast if setup.py fails on windows
* CI: build: fail for missing uploads, rework compression
Upload-artifact allows setting compression level now.
The change speeds up both upload and extraction.
* CI: match build gz in release
* CI: build: verify worlds all load
* CI: build: generate a game
* Generate: move worlds loaded exception to allow settings to init from worlds
* CI: build: build setup before running tests
* ModuleUpdater/setup: install pkg_resources and check for pip
plus minor cleanup in the github actions
* ModuleUpdate/setup: make flake8 happy
* ModuleUpdate/setup: make mypy happier
