chore: pin Foundry version for reproducible semver-lock output

[arawrdn]

GM,

Pinned the Foundry toolchain used to generate semver-lock.

Previously, the README instructed users to run:

foundryup
just semver-lock

which installs the latest Foundry version. That can change forge behavior, compiler metadata handling, artifact formatting, or lockfile output, causing non-deterministic diffs between local runs and CI.

The fix pins Foundry installation to a specific version in CI/scripts and documents the same local setup:

foundryup --version <pinned-version>
just semver-lock

solc_version remains pinned in foundry.toml, and Foundry itself is now pinned as well. This ensures semver-lock is generated with the same toolchain everywhere, preventing CI drift from upstream Foundry changes.

Regards,

[cb-heimdall]

🟡 Heimdall Review Status

Requirement	Status	More Info
Reviews	🟡 0/1	Denominator calculation Show calculation 1 if user is bot 0 1 if user is external 0 2 if repo is sensitive 0 From .codeflow.yml 1 Additional review requirements Show calculation Max 0 0 From CODEOWNERS 0 Global minimum 0 Max 1 1 1 if commit is unverified 1 Sum 2