fix: use OIDC for Codecov (#124)

*Issue #, if available:*

*Description of changes:*
Code coverage broke due to GitHub separating repository secrets from
Dependabot secrets. Use the OIDC token to write code coverage data to
Codecov.

By submitting this pull request, I confirm that my contribution is made
under the terms of the Apache 2.0 license.

---------

Signed-off-by: Simon Marty <simon.marty0@gmail.com>
Co-authored-by: Simon Marty <simon.marty0@gmail.com>

Author: ThirdEyeSqueegee

.github/workflows/go.yml

@@ -2,30 +2,33 @@ name: Go
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
-    branches: [ master ]
+    branches: [master]
 
-jobs:
+permissions:
+  contents: read
+  id-token: write
 
+jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v4
+      - uses: actions/checkout@v5
 
-    - name: Set up Go
-      uses: actions/setup-go@v5
-      with:
-        go-version: '1.22'
+      - name: Set up Go
+        uses: actions/setup-go@v6
+        with:
+          go-version: "1.22"
 
-    - name: Build
-      run: go build -v ./...
+      - name: Build
+        run: go build -v ./...
 
-    - name: Test
-      run: go test -v ./secretcache -coverprofile=coverage.out -covermode=atomic
-    
-    - name: Codecov
-      uses: codecov/codecov-action@v5
-      env:
-        CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
+      - name: Test
+        run: go test -v ./secretcache -coverprofile=coverage.out -covermode=atomic
 
+      - name: Codecov
+        uses: codecov/codecov-action@v5
+        with:
+          fail_ci_if_error: true
+          use_oidc: true