[pre-commit.ci] pre-commit autoupdate

[pre-commit-ci]

updates:

• github.com/astral-sh/ruff-pre-commit: v0.15.4 → v0.15.9
• github.com/psf/black-pre-commit-mirror: 26.1.0 → 26.3.1
• github.com/pre-commit/mirrors-clang-format: v22.1.0 → v22.1.2
• github.com/python-jsonschema/check-jsonschema: 0.37.0 → 0.37.1
• github.com/zizmorcore/zizmor-pre-commit: v1.22.0 → v1.23.1
• github.com/tox-dev/pyproject-fmt: v2.16.2 → v2.21.0

[hugovk]

Looking at the zizmor findings, all but one are like this for different test*.yml:

  warning[: secrets referenced without a dedicated environment
     --> .github/workflows/test.yml:180:20
      |
   35 |   build:
      |   ----- this job
  ...
  180 |         token: ${{ secrets.CODECOV_ORG_TOKEN }}
      |                    ^^^^^^^^^^^^^^^^^^^^^^^^^ secret is accessed outside of a dedicated environment
      |
      = note: audit confidence → High

  warning[: secrets referenced without a dedicated environment

I think we can remove the token.

https://app.codecov.io/account/github/python-pillow/org-upload-token says a token is required ("When a token is required, your team must use a global or repo-specific token for uploads.").

I've flipped that to not required ("When a token is not required, your team can upload coverage reports without one. Existing tokens will still work, and no action is needed for past uploads.)

I'll remove the token and we can confirm if coverage continues to upload.