fix: use SHAs for GitHub Actions instead of tags

[jmeridth]

Adhere to best security practices and use SHAs for GitHub Actions and not tags (they can be changed).

I used frizbee to do this.

brew install stacklok/tap/frizbee
frizbee ghactions -d .github/workflows/

• [x] Have you followed the contributing guidelines?
• [x] Have you explained what your changes do, and why they add value to the Guides?

Please note: we will close your PR without comment if you do not check the boxes above and provide ALL requested information.

---