Move nightly build checksum generation to dedicated job

The "Publish Nightly Build" GitHub Actions workflow calculates checksums of the generated builds and writes them to a
file. This file may be used to validate downloads of the builds.

In addition to uploading the builds to Arduino's downloads server, the workflow also uploads them to GitHub Actions
workflow artifacts. These artifacts may serve as an alternative source of the nightly builds (similar to the tester
builds).

Previously the checksum generation was performed in the workflow's "publish-nightly" job, which is used to upload the
builds to Arduino's downloads server. In addition to being outside the stated scope of that job, this also meant that
the checksum file was only available from Arduino's downloads server, and not from the workflow artifacts.

Moving the checksum generation code to a dedicated job limits the operations in the important "publish-nightly" job
exclusively to its stated scope. This also results in the checksum file being available as a workflow artifact.

Author: per1234

.github/workflows/publish-go-nightly-task.yml

@@ -219,10 +219,43 @@ jobs:
           overwrite: true
           path: ${{ env.DIST_DIR }}/${{ env.PACKAGE_FILENAME }}
 
+  checksums:
+    needs: notarize-macos
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Set environment variables
+        run: |
+          # See: https://docs.github.com/actions/reference/workflows-and-actions/workflow-commands#setting-an-environment-variable
+          TAG="nightly-$(date -u +"%Y%m%d")"
+          echo "CHECKSUM_FILE_PATH=${{ runner.temp }}/${TAG}-checksums.txt" >>"$GITHUB_ENV"
+          echo "TAG=$TAG" >>"$GITHUB_ENV"
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v6
+        with:
+          merge-multiple: true
+          path: ${{ env.DIST_DIR }}
+          pattern: ${{ env.ARTIFACT_PREFIX }}*
+
+      - name: Create checksum file
+        working-directory: ${{ env.DIST_DIR }}
+        run: |
+          sha256sum ${{ env.PROJECT_NAME }}_${{ env.TAG }}* >"${{ env.CHECKSUM_FILE_PATH }}"
+
+      - name: Upload checksum artifact
+        uses: actions/upload-artifact@v5
+        with:
+          if-no-files-found: error
+          name: ${{ env.ARTIFACT_PREFIX }}checksums
+          path: ${{ env.CHECKSUM_FILE_PATH }}
+
   publish-nightly:
     runs-on: ubuntu-latest
     environment: production
-    needs: notarize-macos
+    needs: checksums
     permissions:
       contents: write
       id-token: write # This is required for requesting the JWT
@@ -235,12 +268,6 @@ jobs:
           merge-multiple: true
           path: ${{ env.DIST_DIR }}
 
-      - name: Create checksum file
-        working-directory: ${{ env.DIST_DIR }}
-        run: |
-          TAG="nightly-$(date -u +"%Y%m%d")"
-          sha256sum ${{ env.PROJECT_NAME }}_${TAG}* >${TAG}-checksums.txt
-
       - name: configure aws credentials
         uses: aws-actions/configure-aws-credentials@v5
         with: