Fix timeout implementation and address review feedback

- Kill git process on timeout: use child_process.spawn directly for
  timeout-eligible operations so we have a ChildProcess handle to send
  SIGTERM (then SIGKILL after 5s). On Windows, SIGTERM is a forced kill
  so the SIGKILL fallback is effectively a no-op there.

- Fix timeout:0 not working: replace falsy || coalescion with explicit
  empty-string check so that '0' is not replaced by the default '300'.

- Refactor execGit to use an options object instead of 5 positional
  parameters, eliminating error-prone filler args (false, false, {}).

- Pass allowAllExitCodes through to execGitWithTimeout so both code
  paths have consistent behavior for non-zero exit codes.

- Add settled guard to prevent double-reject when both close and error
  events fire on the spawned process.

- Handle null exit code (process killed by signal) as an error rather
  than silently treating it as success.

- Capture stderr in error messages for the timeout path, matching the
  information level of the non-timeout exec path.

- Log SIGKILL failures at debug level instead of empty catch block.

- Warn on customListeners being ignored in the timeout path.

- Emit core.warning() when invalid input values are silently replaced
  with defaults, so users know their configuration was rejected.

- Add input validation in setTimeout (reject negative values).

- Clarify retry-max-attempts semantics: total attempts including the
  initial attempt (3 = 1 initial + 2 retries).

- Remove Kubernetes probe references from descriptions.

- Use non-exhaustive list (e.g.) for network operations in docs to
  avoid staleness if new operations are added.

- Add tests for timeout/retry input parsing (defaults, timeout:0,
  custom values, invalid input with warnings, backoff clamping) and
  command manager configuration (setTimeout, setRetryConfig, fetch).

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

README.md

@@ -155,20 +155,20 @@ Please refer to the [release page](https://github.com/actions/checkout/releases/
     # Default: true
     set-safe-directory: ''
 
-    # Timeout in seconds for each git network operation attempt (fetch, lfs-fetch,
-    # ls-remote). If a single attempt exceeds this, it is killed and retried. Set to 0
-    # to disable. Default is 300 (5 minutes). Similar to Kubernetes probe
-    # timeoutSeconds.
+    # Timeout in seconds for each git network operation attempt (e.g. fetch,
+    # lfs-fetch, ls-remote). If a single attempt exceeds this, the process is
+    # terminated. If retries are configured (see retry-max-attempts), the operation
+    # will be retried. Set to 0 to disable. Default is 300 (5 minutes).
     # Default: 300
     timeout: ''
 
-    # Maximum number of retry attempts for failed git network operations. Similar to
-    # Kubernetes probe failureThreshold.
+    # Total number of attempts for each git network operation (including the initial
+    # attempt). For example, 3 means one initial attempt plus up to 2 retries.
     # Default: 3
     retry-max-attempts: ''
 
     # Minimum backoff time in seconds between retry attempts. The actual backoff is
-    # randomly chosen between min and max. Similar to Kubernetes probe periodSeconds.
+    # randomly chosen between min and max.
     # Default: 10
     retry-min-backoff: ''