Update action-download-artifact to fix vuln

This addresses GHSA-5xr6-xhww-33m4.

Author: crawford

.github/workflows/upload-sbom.yaml

@@ -20,14 +20,14 @@ jobs:
     steps:
       - name: Download metadata
         id: metadata
-        uses: dawidd6/action-download-artifact@v2.28.0
+        uses: dawidd6/action-download-artifact@v6
         with:
           run_id: ${{ github.event.workflow_run.id }}
           name: metadata.json
 
       - name: Download SBOM
         id: sbom
-        uses: dawidd6/action-download-artifact@v2.28.0
+        uses: dawidd6/action-download-artifact@v6
         with:
           run_id: ${{ github.event.workflow_run.id }}
           name: sbom.spdx.json