chore(template): SHA-pin and bump astral-sh/setup-uv to v8.1.0

[xaviedoanhduy]

Why

Follow-up to #13.

The scaffolded setup-python-env/action.yaml used astral-sh/setup-uv@v6
(mutable floating tag). This pins it to a commit SHA and bumps to v8.1.0,
matching the repo's own CI workflow (already on v8.1.0 since #13).

What

• astral-sh/setup-uv@v6 → @08807647e7069bb48b6ef5acd8ec9567f424441b # v8.1.0

actions/setup-python@v6 kept on version tag (GitHub-owned, same pragmatic
stance as #13).

v6 → v8: breaking changes reviewed

The action only installs uv. Inputs used by the template (version,
enable-cache, cache-suffix) are unchanged across v6/v7/v8.

• v7.0.0: node20 → node24 runtime (GitHub-hosted runners unaffected);
  removed server-url input (template doesn't use it).
• v8.0.0: dropped floating major/minor tags — must pin @vX.Y.Z or SHA.
  Moot here since we pin to SHA. Also removed deprecated manifest-file
  legacy format (template doesn't use it).

Picked up along the way:

• v7.5+: uv release metadata served from Astral mirror — no GitHub API
  rate limits during version resolution.
• v8.0.0: immutable releases.

Test plan

• Scaffold a new project from the updated template
• Verify pre-commit.yaml and test.yaml workflows run green with setup-uv v8.1.0

[nilshamerlinck]

could introduce breaking changes

did you spot any? it just installs uv so I wonder what could change that much

[xaviedoanhduy]

fair point — I checked the v7+v8 release notes and didn't spot any breaking change that affects the template's install-uv path. The inputs we use (version, enable-cache, cache-suffix) are unchanged across v6/v7/v8.

the relevant breaking changes:

• v7.0.0: node20 → node24 (GitHub-hosted runners fine); removed server-url (we don't use it).
• v8.0.0: dropped floating major tags — must pin SHA or @vX.Y.Z. We SHA-pin already, so moot.

i bumped the template to v8.1.0 (3190393) to align with the repo's own CI workflow (already on v8.1.0 since #13)