Pin GitHub Actions to SHA hashes

[bgrozev]

Pin all GitHub Actions version tags to their corresponding commit SHA hashes for improved supply-chain security.

Original version tags are preserved as comments (e.g. # v4).

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 34.04%. Comparing base (28409d2) to head (07e1c16).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@            Coverage Diff            @@
##             master     #231   +/-   ##
=========================================
  Coverage     34.04%   34.04%           
  Complexity      162      162           
=========================================
  Files            36       36           
  Lines          1360     1360           
  Branches        136      136           
=========================================
  Hits            463      463           
  Misses          864      864           
  Partials         33       33           

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 28409d2...07e1c16. Read the comment docs.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.