v5: self-hosted Nx remote cache (replaces @nx/s3-cache)

feat(nx-migrate): accept runs_on input

Adds a `runs_on` input (default `ubuntu-latest` for backwards
compat) so self-hosted callers can route the scheduled migration
job onto their own pool instead of hitting GitHub Actions
billing.

feat: opt into Node 24 for JS actions

feat: auto-detect Rust workspace when no .environment.yml

fix: cargo-nextest install ungated on host mode

feat: host-mode cargo-nextest install

fix: comment expression collision

fix: rust-cache only on github-hosted runners

v4.0.0 — plan + shard topology for OSS distributed CI

fix(nx-ci): cache mode expression always returned read-only

`(cond) && '' || 'read-only'` evaluates as `(cond ? '' : 'read-only') || 'read-only'`
in GitHub expressions, and `'' || x` always returns x. Result: every run
— even pushes/schedule/dispatch on trusted refs — got read-only S3 cache
and never wrote. The CREEP CVE mitigation was over-applying.

Swap the truthy branch from empty to the literal "read-write" so the
conditional behaves as if/else. The @nx/s3-cache plugin treats any
non-"read-only" value as read+write.