Bump codecov/codecov-action from 3 to 4 + pass CODECOV_TOKEN

[sloede]

Supersedes #921.

TODO:

• [x] Repo admins: please verify that an appropriate codecov token is set as the repository secret named CODECOV_TOKEN before merging.

[IanButterworth]

I'm not an admin so can't see repo settings, I'm afraid

[DilumAluthge]

I can set up the token. But why do we need to upgrade to v4 of the action? Can't we just stay on v3 (which supports tokenless uploads)?

[sloede]

I can set up the token. But why do we need to upgrade to v4 of the action? Can't we just stay on v3 (which supports tokenless uploads)?

In my experience, the codecov-action has been somewhat brittle in the past (but YMMV). Therefore, in my other repos we try to stick to the latest support version. Also, all the docs are by now referring to v4-specific details, making it slightly more confusing when sticking with v3. Tokenless uploads are still supported for PRs from forks, so that should still work.

Having said that, I have no strong feelings either way here 🤷‍♂️

[codecov[bot]]

Codecov Report

All modified and coverable lines are covered by tests :white_check_mark:

Comparison is base (8cd96a1) 84.62% compared to head (fefaab9) 84.62%.

Additional details and impacted files

```diff @@ Coverage Diff @@ ## master #922 +/- ## ======================================= Coverage 84.62% 84.62% ======================================= Files 3 3 Lines 826 826 ======================================= Hits 699 699 Misses 127 127 ```

:umbrella: View full report in Codecov by Sentry.
:loudspeaker: Have feedback on the report? Share it here.

[DilumAluthge]

Alright, I grabbed the token from the Codecov settings^1 and I added it to this repo as a GitHub Actions Secret^2 named CODECOV_TOKEN.

I'll defer to @KristofferC and @IanButterworth on the question of upgrading to v4 versus staying on v3.

[sjkelly]

A token-based auth seems better than whatever was done before. The coverage results appear to upload correctly, so merging this. Thanks!