chore(ci): SHA-pin actions/checkout to v6.0.2 commit (#260)

Follow-up to the prior actions/checkout upgrade that landed with major-tag
@v6. Convert all in-scope references to SHA-pinned form
(de0fac2e4500dabe0009e67214ff5f5447ce83dd = v6.0.2) per the workspace
tightening policy: pinning by commit eliminates the v6-tag-compromise
attack surface even on workflows that do not handle laterally-capable
secrets.

Trade-off accepted: future actions/checkout patches (v6.0.3+) require
manual SHA bumps. Mitigation: Dependabot for the github-actions ecosystem
(separate sweep) would auto-PR future bumps.

Part of the workspace-wide tightening completion across the Pendle repos.

Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>

Author: manh-pendle

.github/workflows/deploy.yaml

@@ -11,7 +11,7 @@ jobs:
     name: Deploy
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v6
+      - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd  # v6.0.2
       - uses: actions/setup-node@v4
         with:
           node-version: 20 # Use a recommended Node.js version (Docusaurus requires >= 18)