chore(ci): correct setup-python pin version comment to v6.2.0

[rusackas]

SUMMARY

The actions/setup-python step in our composite backend setup action (and the bump-python-package workflow) is pinned to commit a309ff8b426b58ec0e2a45f0f869d46889d02405, but the inline version comment read # v6.

That commit actually corresponds to release tag v6.2.0. The floating # v6 tag points at a different commit (ece7cb06…, currently v6.3.0). zizmor's ref-version-mismatch rule flags this because the human-readable comment misrepresents the exact pinned version, which makes audits and Dependabot bumps harder to reason about.

This PR updates both occurrences of the comment to the truthful # v6.2.0. The pinned SHA is unchanged, so runtime behavior is identical — this is purely a documentation/accuracy fix to satisfy the supply-chain pin convention.

Resolves code-scanning alert #2549.

BEFORE/AFTER

Before:

uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6

After:

uses: actions/setup-python@a309ff8b426b58ec0e2a45f0f869d46889d02405 # v6.2.0

TESTING INSTRUCTIONS

pre-commit run --files .github/actions/setup-backend/action.yml .github/workflows/bump-python-package.yml passes, including the zizmor (GHA security audit) hook.

ADDITIONAL INFORMATION

• Has associated issue:
• Required feature flags:
• Changes UI
• Includes DB Migration (follow approval process in SIP-59)
  • Migration is atomic, supports rollback & is backwards-compatible
  • Confirm DB migration upgrade and downgrade tested
  • Runtime estimates and downtime expectations provided
• Introduces new feature or API
• Removes existing feature or API

🤖 Generated with Claude Code

[bito-code-review]

Bito Automatic Review Skipped - Files Excluded

Bito didn't auto-review this change because all changed files are in the exclusion list for automatic reviews. No action is needed if you didn't intend for the agent to review it. Otherwise, to manually trigger a review, type /review in a comment and save.
You can change the excluded files settings here, or contact your Bito workspace admin at evan@preset.io.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 64.35%. Comparing base (6bc77fe) to head (45d0cad).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff             @@
##           master   #41383      +/-   ##
==========================================
+ Coverage   63.80%   64.35%   +0.55%     
==========================================
  Files        2653     2653              
  Lines      145281   145162     -119     
  Branches    33523    33490      -33     
==========================================
+ Hits        92692    93418     +726     
+ Misses      50891    50049     -842     
+ Partials     1698     1695       -3     

Flag	Coverage Δ
hive	?
mysql	57.97% <ø> (?)
postgres	58.04% <ø> (ø)
presto	40.81% <ø> (ø)
python	59.44% <ø> (+1.21%)	⬆️
sqlite	57.70% <ø> (ø)
unit	100.00% <ø> (?)

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.