ci: update workflow

[Fdawgs]

This PR:

• Bumps actions to latest major versions
• Adds Node 18 to test matrix
• Removes Git credentials/SSH keys after checkout as a security precaution by setting persist-credentials to false, they are not used after the initial checkout
• Declares the minimum permissions for CI workflows to run at either the workflow or job level, following principle of least privilege; see related GitHub security post
• Enables concurrency in ci.yml; see related docs, this allows a subsequently queued workflow run to interrupt previous runs in PRs

[Fdawgs]

Will remove cache, doesn't seem to like it. :/