Revert "Bump actions/checkout from 3 to 4"

[riccardoporreca]

Reverts #18, which was auto-merged via @dependabot merge and this caused the workflows run on the merge commit to havegithub.actor == "dependabot[bot]", which does have access to secrets, thus braking the deployments to shinyapps.io as unauthorized

• Deployment error example at https://github.com/miraisolutions/ShinyCICD/actions/runs/7640386058/job/20817426348#step:6:1

      SHINYAPPS_ACCOUNT: 
      SHINYAPPS_TOKEN: 
      SHINYAPPS_SECRET: 
  [...]
  Error in `GET()`:
  ! <https://api.shinyapps.io/v1/users/current/> failed with HTTP status
    401
  Unauthorized
  

See dependabot/dependabot-core#3253 and in particular
dependabot/dependabot-core#3253 (comment)

Why does @dependabot merge fail on a push event?

The github.actor == "dependabot[bot]" since you have asked Dependabot to do the merge (vs a human actor).

We don't recommend commenting @dependabot merge to automerge a PR.

There is a clear message about not using @dependabot merge, which we should adhere to.

[riccardoporreca]

@GuidoMaggio, @RolandASc, can any of you please approve this?

The plan is to revert the merge commit from dependabot and then let dependabot re-open a PR for the same upgrade, which will be merged manually w/o @dependabot merge

[GuidoMaggio]

ok