Use a dedicated GitHub workflow to check for problems with Yarn configuration

The "build" workflow builds the application for all supported targets, generates workflow artifacts from which the
builds can be downloaded by users and beta testers, and publishes nightly and production releases.

As if that wasn't enough, the workflow was also configured to check the sync of the Yarn lockfile.

This monolithic approach is harmful for multiple reasons:

* Makes it difficult to interpret a failed workflow run
* Makes the build workflow more difficult to maintain
* Increases the turnaround time for contributors and maintainers to get feedback from the CI system

The sync check operation is hereby moved to a dedicated workflow, consistent with standard practices for Arduino Tooling
projects.

.github/workflows/build.yml

@@ -385,7 +385,7 @@ jobs:
           fi
 
           npx node-gyp install
-          yarn install --immutable
+          yarn install
 
           yarn --cwd arduino-ide-extension build
           yarn --cwd electron-app rebuild

.github/workflows/check-yarn.yml

@@ -0,0 +1,91 @@
+name: Check Yarn
+
+# See: https://docs.github.com/en/actions/reference/events-that-trigger-workflows
+on:
+  create:
+  push:
+    paths:
+      - ".github/workflows/check-yarn.ya?ml"
+      - "**/.yarnrc"
+      - "**/package.json"
+      - "**/package-lock.json"
+      - "**/yarn.lock"
+  pull_request:
+    paths:
+      - ".github/workflows/check-yarn.ya?ml"
+      - "**/.yarnrc"
+      - "**/package.json"
+      - "**/package-lock.json"
+      - "**/yarn.lock"
+  schedule:
+    # Run every Tuesday at 8 AM UTC to catch breakage resulting from changes to the JSON schema.
+    - cron: "0 8 * * TUE"
+  workflow_dispatch:
+  repository_dispatch:
+
+jobs:
+  run-determination:
+    runs-on: ubuntu-latest
+    permissions: {}
+    outputs:
+      result: ${{ steps.determination.outputs.result }}
+    steps:
+      - name: Determine if the rest of the workflow should run
+        id: determination
+        run: |
+          RELEASE_BRANCH_REGEX="refs/heads/[0-9]+.[0-9]+.x"
+          # The `create` event trigger doesn't support `branches` filters, so it's necessary to use Bash instead.
+          if [[
+            "${{ github.event_name }}" != "create" ||
+            "${{ github.ref }}" =~ $RELEASE_BRANCH_REGEX
+          ]]; then
+            # Run the other jobs.
+            RESULT="true"
+          else
+            # There is no need to run the other jobs.
+            RESULT="false"
+          fi
+
+          echo "result=$RESULT" >> $GITHUB_OUTPUT
+
+  check-sync:
+    name: check-sync (${{ matrix.project.path }})
+    needs: run-determination
+    if: needs.run-determination.outputs.result == 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        project:
+          - path: .
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Setup Node.js
+        uses: actions/setup-node@v4
+        with:
+          cache: yarn
+          node-version: ${{ env.NODE_VERSION }}
+
+      - name: Install npm package dependencies
+        env:
+          # Avoid failure of @vscode/ripgrep installation due to GitHub API rate limiting:
+          # https://github.com/microsoft/vscode-ripgrep#github-api-limit-note
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+        run: |
+          yarn \
+            install \
+            --ignore-scripts
+
+      - name: Check yarn.lock
+        run: |
+          git \
+            diff \
+              --color \
+              --exit-code \
+              "${{ matrix.project.path }}/yarn.lock"