Pin GitHub Actions to SHA hashes

[bgrozev]

Pin all GitHub Actions version tags to their corresponding commit SHA hashes for improved supply-chain security.

Original version tags are preserved as comments (e.g. # v4).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 35.88%. Comparing base (13e2486) to head (0b013c0).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@             Coverage Diff              @@
##             master     #308      +/-   ##
============================================
- Coverage     35.93%   35.88%   -0.05%     
+ Complexity     1133     1126       -7     
============================================
  Files           166      166              
  Lines         10993    10993              
  Branches       1627     1627              
============================================
- Hits           3950     3945       -5     
+ Misses         6521     6517       -4     
- Partials        522      531       +9     

see 8 files with indirect coverage changes

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 13e2486...0b013c0. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.