chore(ci): pin 3rd-party actions to specific commit hashes

[Water-Melon]

KAG-6149

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 90.79446%. Comparing base (63f6784) to head (c05659a).
Report is 4 commits behind head on main.

Additional details and impacted files

@@                 Coverage Diff                 @@
##                main        #664         +/-   ##
===================================================
- Coverage   90.82650%   90.79446%   -0.03204%     
===================================================
  Files             53          53                 
  Lines          11337       11341          +4     
  Branches        1692        1690          -2     
===================================================
  Hits           10297       10297                 
- Misses          1034        1038          +4     
  Partials           6           6                 

see 3 files with indirect coverage changes

Flag	Coverage Δ
unit	90.55126% <ø> (-0.01725%)	⬇️
valgrind	82.43902% <ø> (-0.10051%)	⬇️

Flags with carried forward coverage won't be shown. Click here to find out more.

[thibaultcha]

Does this break our Dependabot automatic updates? If so, very much not inclined to merge this, that would be terrible. Considering this is fully open source, nobody will steal any sensitive information or code whatsoever. This repository also does not directly deliver to end-users/customers (the Gateway repo CI/CD does that), what is the benefit?

[thibaultcha]

I was informed that Dependabot does support updating actions pinned with sha1 commits, in which case we are all good! Thank you.