ci: install codecov CLI from PyPI to avoid GPG keyserver flake

[edge90]

The codecov uploader wrapper fetches codecov's public key from a keyserver to verify the CLI signature. That download intermittently returns empty (gpg: no valid OpenPGP data found), so verification fails with Can't check signature: No public key and the whole job exits 1.

use_pypi: true installs the CLI via pip from PyPI instead, which never touches the keyserver and verifies via package hashes. fail_ci_if_error: true stays on.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 99.81%. Comparing base (5a91082) to head (9ce0780).

Additional details and impacted files

@@           Coverage Diff           @@
##             main      #47   +/-   ##
=======================================
  Coverage   99.81%   99.81%           
=======================================
  Files          18       18           
  Lines        2129     2129           
  Branches      242      247    +5     
=======================================
  Hits         2125     2125           
  Misses          4        4           

Flag	Coverage Δ
Linux	94.73% <ø> (+0.06%)	⬆️
Windows	100.00% <ø> (ø)
macOS	95.18% <ø> (-0.14%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

☔ View full report in Codecov by Harness.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.