fix potential GitHub Actions smells

[ceddy4395]

Hey! 🙂 I want to contribute the following changes to your workflow:

• Avoid executing scheduled workflows on forks
• Prevent running issue/PR actions on forks
• Use names for run steps
• Define permissions for workflows with external actions
• Steps should only perform a single command
• Use commit hash instead of tags for action versions
• Avoid jobs without timeouts
• Use fixed version for runs-on argument

(These changes are part of a research Study at TU Delft looking at GitHub Action Smells. Find out more)

Got some code for us? Awesome 🎊!

Please include a description of your change & check your PR against this list, thanks!

• [ ] There's a clear use-case for this code change, explained below
• [ ] Commit message has a short title & references relevant issues
• [ ] The build will pass (run yarn test:all and yarn lint)

We appreciate your contribution!