parsec-cloud
Add pre-commit hook to check for pinned GitHub actions
We should pin GitHub actions with a commit hash instead of a tag.
Otherwise, an attacker who gets access to the action's repo can modify the tag and execute arbitrary code that is able to exfiltrate the secrets we use in our CI (in our case, typically the API tokens used to upload to snap and PyPI).
However, it's your lucky day, given we already have all the code to implement this ready: 😄
- https://github.com/touilleMan/godot-python/blob/master/.github/workflows/build.yml
- https://github.com/touilleMan/godot-python/blob/6adbe46550c90c0f676b8835e854eddd1b654a97/.pre-commit-config.yaml#L19-L26
- https://github.com/touilleMan/godot-python/blob/master/misc/pin_github_actions.py
Originally posted by @touilleMan in https://github.com/Scille/parsec-cloud/pull/2523#discussion_r908305589
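The check the issue asks for, as an added example that is not the linked `pin_github_actions.py` script nor any other parsec-cloud or godot-python code: it scans workflow YAML for `uses:` entries and flags any third-party action whose ref is not a full 40-character commit SHA (mutable tag or branch, abbreviated SHA, or no ref at all). It deliberately parses lines with a regex rather than a YAML library so it has no dependencies as a pre-commit hook. The action names, the SHA and the workflow text below are constructed sample data, not real actions.

```python
"""Pre-commit style check: every third-party GitHub Action referenced in a
workflow must be pinned to a full commit SHA, not a mutable tag or branch."""
import re
import sys
from pathlib import Path

# Value of a `uses:` key (list item or not). A trailing "  # vX.Y" comment is
# separated by whitespace, so \S+ stops before it.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$", re.IGNORECASE)
SHORT_SHA_RE = re.compile(r"^[0-9a-f]{7,39}$", re.IGNORECASE)


def classify_uses(value: str):
    """Return None when the reference is acceptable, otherwise a reason string.

    Local actions (./path) and docker:// images are out of scope for this
    check; everything else is expected as owner/repo[/subdir]@<40-hex-sha>.
    """
    if value.startswith("./") or value.startswith("docker://"):
        return None
    if "@" not in value:
        return "no ref given (resolves to the action repo's default branch)"
    target, ref = value.rsplit("@", 1)
    if "/" not in target:
        return "malformed action reference"
    if FULL_SHA_RE.match(ref):
        return None
    if SHORT_SHA_RE.match(ref):
        return f"abbreviated sha {ref!r}; use the full 40-character commit sha"
    return f"mutable ref {ref!r} (tag or branch); pin to a commit sha instead"


def find_unpinned_actions(workflow_text: str):
    """Scan workflow YAML text; return [(line_number, uses_value, reason), ...]."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        value = m.group(1).strip("'\"")  # allow quoted YAML scalars
        reason = classify_uses(value)
        if reason:
            findings.append((lineno, value, reason))
    return findings


# Constructed sample workflow (hypothetical action names and a made-up SHA).
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: example-org/checkout-like@v3
      - uses: example-org/setup-tool@0123456789abcdef0123456789abcdef01234567  # v5.0.0
      - uses: ./.github/actions/local-thing
      - uses: example-org/some-action@main
      - uses: example-org/other-action@1a2b3c4
      - uses: "example-org/quoted-action@v1.2.3"
      - uses: example-org/no-ref-action
"""


def main(argv):
    """Pre-commit entry point: pre-commit passes the staged workflow files as
    arguments; with no arguments, scan .github/workflows/ directly."""
    paths = [Path(p) for p in argv] or sorted(Path(".github/workflows").glob("*.y*ml"))
    problems = 0
    for path in paths:
        for lineno, value, reason in find_unpinned_actions(path.read_text()):
            print(f"{path}:{lineno}: {value}: {reason}")
            problems += 1
    return 1 if problems else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

On the sample workflow only the full-SHA line and the local action pass; the tag, branch, short-SHA, quoted-tag and ref-less entries are all reported. To wire it up, register the script in `.pre-commit-config.yaml` as a `repo: local` hook with `language: system` and a `files:` pattern covering `.github/workflows/*.yml`, so a commit that introduces an unpinned action fails before it reaches CI. Keeping the human-readable version as a trailing `# vX.Y` comment next to the SHA (as on the `setup-tool` line) is what makes later upgrades reviewable.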