fix: harden archive-changes workflow checkout #1685

Open: gilescope wants to merge 1 commit into main from codex/vuln

Conversation

@gilescope (Contributor)

Quarantine the untrusted release ref to release-tree/ and source CI assets (install-season action, season.yml) from a separate default-branch checkout, so an arbitrary inputs.ref cannot execute code with the workflow's contents:write token. Disable credential persistence on both checkouts; the tag fetch authenticates explicitly via http.extraheader.

Assisted-by: Claude:claude-fable-5

Overview

🗹 TODO before merging

  • Ready

📌 Submission Checklist

  • All commits are signed off (git commit -s) for the DCO
  • Changes are backward-compatible (or flagged if breaking)
  • Pull request description explains why the change is needed
  • Self-reviewed the diff
  • I have included a change file, or skipped for this reason:
  • If the changes introduce a new feature, I have bumped the node minor version
  • Update documentation (if relevant)
  • Updated AGENTS.md if build commands, architecture, or workflows changed
  • No new todos introduced

🧪 Testing Evidence

Please describe any additional testing aside from CI:

  • Additional tests are provided (if possible)

🔱 Fork Strategy

  • Node Runtime Update
  • Node Client Update
  • Other:
  • N/A

Links

Quarantine the untrusted release ref to release-tree/ and source CI
assets (install-season action, season.yml) from a separate default-branch
checkout, so an arbitrary inputs.ref cannot execute code with the
workflow's contents:write token. Disable credential persistence on both
checkouts; the tag fetch authenticates explicitly via http.extraheader.

Assisted-by: Claude:claude-fable-5
Signed-off-by: Giles Cope <gilescope@gmail.com>
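The two-checkout layout the description refers to, written out as an added example workflow; this is not the diff from this PR (the diff itself is not shown on this page). The weak shape it replaces is a single actions/checkout of inputs.ref at the workspace root with the default persist-credentials (true), which leaves the job's token in .git/config and lets the caller-supplied ref supply the repo-local action and config that the job then runs. Assumed names: a workflow_dispatch input called `ref`, a repo-local action at `.github/actions/install-season`, and a config file at `.github/season.yml`; the `release-tree/` directory, the `persist-credentials: false` on both checkouts and the `http.extraheader` tag fetch follow the PR description.

```yaml
# Added example, not the workflow from this PR. Assumed: a workflow_dispatch input
# named `ref`, a repo-local action at .github/actions/install-season, and a config
# file at .github/season.yml. release-tree/, persist-credentials: false and the
# http.extraheader tag fetch are the points the PR description names.
name: archive-changes

on:
  workflow_dispatch:
    inputs:
      ref:
        description: "Release ref to archive (untrusted input: treated as data, never as code)"
        required: true
        type: string

permissions:
  contents: write   # the token this layout keeps out of reach of the untrusted ref

jobs:
  archive:
    runs-on: ubuntu-latest
    steps:
      # Trusted checkout at the workspace root. Every `uses: ./...` path and every
      # file the job executes or parses resolves against this tree, which is the
      # default branch rather than the caller-supplied ref.
      - name: Check out default branch (trusted CI assets)
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.repository.default_branch }}
          persist-credentials: false

      # Untrusted checkout, quarantined in a subdirectory. Nothing under
      # release-tree/ is run or used as an action; the job only reads it as data.
      - name: Check out release ref into release-tree/ (untrusted)
        uses: actions/checkout@v4
        with:
          ref: ${{ inputs.ref }}
          path: release-tree
          persist-credentials: false

      # persist-credentials: false leaves no token in .git/config, so a later fetch
      # must present one explicitly. `git -c` scopes the header to this one command
      # instead of writing it into a file the untrusted tree could read back.
      - name: Fetch tags for the release tree with an explicit credential
        working-directory: release-tree
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          AUTH="$(printf 'x-access-token:%s' "$GH_TOKEN" | base64 -w0)"
          git -c "http.extraheader=AUTHORIZATION: basic ${AUTH}" fetch --tags origin

      # A local action path resolves against the workspace root, i.e. the trusted
      # checkout, so inputs.ref cannot substitute its own copy of the action.
      - name: Install season (action sourced from the default branch)
        uses: ./.github/actions/install-season

      - name: Archive changes from the quarantined tree
        run: |
          # Config is read from the trusted tree, never from release-tree/.
          cp .github/season.yml season-at-archive-time.yml
          # The release tree is only inspected; no script from it is executed.
          git -C release-tree log --format='%H %s' -n 50 > archive-changes.txt
```

A quick check that the layout holds is to grep the workflow for every `uses: ./` and every `run:` step and confirm none of them references a path under `release-tree/` except as a read-only argument (as in the `git -C release-tree log` above); anything executed from that directory would hand the untrusted ref the job's `contents: write` token again.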
@gilescope gilescope requested a review from a team as a code owner June 11, 2026 16:47
@gilescope gilescope added skip-changes-check-all ai-assisted Created or modified with AI assistance labels Jun 11, 2026
@gilescope gilescope enabled auto-merge June 11, 2026 16:49