chore(CI): remove overridden permissions and useless checks (@nadalaba)

[nadalaba]

• when CI workflow gets triggered by a forked repository with the pull_request event, it runs in the context of the merge commit (between the PR head and the base branch), so the workflow that'll run has whatever changes the PR author made, so exit 1 can be removed by anyone.
  However, this is not a problem, because forked repositories can do no harm with the pull_request event:

With the exception of GITHUB_TOKEN, secrets are not passed to the runner when a workflow is triggered from a forked repository. The GITHUB_TOKEN has read-only permissions in pull requests from forked repositories. source

• also update dorny/paths-filter action to v4

Warning: Node.js 20 actions are deprecated. The following actions are running on Node.js 20 and may not work as expected: dorny/paths-filter@v3. Actions will be forced to run with Node.js 24 by default starting June 2nd, 2026. Please check if updated versions of these actions are available that support Node.js 24. To opt into Node.js 24 now, set the FORCE_JAVASCRIPT_ACTIONS_TO_NODE24=true environment variable on the runner or in your workflow file. Once Node.js 24 becomes the default, you can temporarily opt out by setting ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION=true. For more information see: https://github.blog/changelog/2025-09-19-deprecation-of-node-20-on-github-actions-runners/

[socket-security]

All alerts resolved. Learn more about Socket for GitHub.

This PR previously contained dependency changes with security issues that have been resolved, removed, or ignored.

View full report