ci: Skip GitGuardian scan for Dependabot PRs and update checkout to v6

Dependabot PRs don't have access to repository secrets, causing the
GitGuardian scan to fail with "Invalid GitGuardian API key". Since
Dependabot only updates dependencies and won't introduce secrets,
skipping the scan for these PRs is safe.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: tablackburn

.github/workflows/ggshield.yaml

@@ -8,8 +8,10 @@ jobs:
   scanning:
     name: GitGuardian Scan
     runs-on: ubuntu-latest
+    # Skip for Dependabot PRs - they don't have access to secrets and only update dependencies
+    if: github.actor != 'dependabot[bot]'
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@v6
         with:
           fetch-depth: 0
       - uses: GitGuardian/ggshield-action@v1