Bump codecov action version.

[BenediktBurger]

Maybe version 4 is a fix for #1090

[driftregion]

Here is a purportedly successful bump in codecov version from 3 to 4:
https://github.com/Open-Attestation/document-store/pull/170/files

(linked from codecov/codecov-action#1292)

[BenediktBurger]

Here is a purportedly successful bump in codecov version from 3 to 4: https://github.com/Open-Attestation/document-store/pull/170/files

(linked from codecov/codecov-action#1292)

Thanks for making me aware of that. Unfortunately, they have another issue with a workflow calling another one, but both are in the main repo.

Our problem is, that work flows in forks cannot access the secret token.

[driftregion]

It seems the established solution is to use pull_request_target. Example: hyperledger/firefly-tezosconnect#20

See also:
codecov/codecov-action#29

This solution seems to be unviable if there is potential for abuse of the codecov token or other secrets. I haven't yet found anything on whether or not it's possible to isolate secrets to a particular workflow.

[BenediktBurger]

As this PR is from a fork, the upload will fail, such that it cannot be tested.