Bump shared/apm.md to microsoft/apm-action@v1.4.2 (restore-mode workspace pollution fix)

[danielmeppiel]

Context

microsoft/apm-action v1.4.2 is now released (release notes, PR #27). It fixes microsoft/apm-action#26 — restore mode no longer overwrites tracked apm.lock.yaml / apm.yml / apm_modules/ in the caller's git workspace, which was the root cause of #901 and the CI failure originally surfaced in #889.

The floating v1 tag has been retagged to v1.4.2, so any consumer pinned to @v1 is already on the fix. Our shared workflow pins @v1.4.1 explicitly, so it needs an update to pull the fix in.

Change

In .github/workflows/shared/apm.md, bump both microsoft/apm-action references from @v1.4.1 to @v1.4.2:

• Line 49: uses: microsoft/apm-action@v1.4.1 → @v1.4.2
• Line 77: uses: microsoft/apm-action@v1.4.1 → @v1.4.2

That's the entire change. No other edits needed (the file currently does not carry a git checkout -- . workaround — none was ever added here).

Why pin a patch version, not @v1

We pin exact versions for supply-chain reasons (immutable refs survive a tag rewrite). Mass updates ride on Dependabot / manual bumps.

Verification

After the bump, the next agentic-workflow CI run on a PR that modifies the lockfile (the #889 scenario) should succeed without the git checkout -- . step that PR #889 had to add as a workaround.

References

• Upstream fix: fix(restore): install APM and unpack via apm CLI to avoid dirtying workspace apm-action#27
• Upstream release: https://github.com/microsoft/apm-action/releases/tag/v1.4.2
• Upstream issue closed: v1.5: restore mode must install apm CLI so bundles are unpacked via 'apm unpack' (not raw tar fallback) apm-action#26
• Originating bug: apm unpack writes apm.lock.yaml / apm.yml to output dir, violating documented metadata-only contract #901
• Originating CI failure: feat(audit): close audit-blindness gap for local .apm/ content (#887) #889