compute-actions
consider pinning the cli version by default instead of "latest"
Our deployment process failed a couple of times due to fastly/cli#1072. Looking into it, we realized that we're not setting cli_version to a specific version, which means we're floating the CLI version without realizing it. But if we switch to setting the cli_version, we lose support for Dependabot to open PRs for new CLI version releases.
Please consider switching to incorporate the CLI version in the versioning of this action so that we can be safeguarded against supply chain attacks without dropping Dependabot support.
As an alternative, the Fastly CLI is now installable using npm, which means you can have a package.json which identifies the version you want to install (and Dependabot can open PRs to bump the version specified there).
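
A check for the situation the issue describes, as an added example that is not part of the thread or the project's own code: it scans workflow text for compute-actions steps whose `cli_version` is missing or set to `latest`. The `fastly/compute-actions` path, the `REF` refs, the `0.0.0` version and the sample workflow are constructed assumptions, and the line-based parsing assumes no list items are nested inside a step.

```python
import re

# Constructed sample workflow (not from the issue); REF and 0.0.0 are placeholders.
SAMPLE = """\
jobs:
  deploy:
    steps:
      - uses: actions/checkout@REF
      - name: floating CLI (input omitted)
        uses: fastly/compute-actions@REF
      - name: explicit latest
        uses: fastly/compute-actions@REF
        with:
          cli_version: latest
      - name: pinned CLI
        uses: fastly/compute-actions@REF
        with:
          cli_version: '0.0.0'
"""

STEP_START = re.compile(r"^\s*-\s")  # a YAML list item opens a new step
USES = re.compile(r"uses:\s*['\"]?(\S*compute-actions[^\s'\"]*)")
CLI_VERSION = re.compile(r"^\s*cli_version:\s*['\"]?([^'\"#\s]+)", re.M)

def floating_cli_steps(workflow_text):
    """Return (line_no, uses) for compute-actions steps without a pinned cli_version."""
    lines = workflow_text.splitlines()
    starts = [i for i, line in enumerate(lines) if STEP_START.match(line)]
    findings = []
    for n, start in enumerate(starts):
        end = starts[n + 1] if n + 1 < len(starts) else len(lines)
        chunk = "\n".join(lines[start:end])
        uses = USES.search(chunk)
        if not uses:
            continue  # not a compute-actions step
        pinned = CLI_VERSION.search(chunk)
        # A missing input or the literal "latest" both float the CLI version.
        if pinned is None or pinned.group(1).lower() == "latest":
            findings.append((start + 1, uses.group(1)))
    return findings

if __name__ == "__main__":
    for line_no, uses in floating_cli_steps(SAMPLE):
        print(f"line {line_no}: {uses} does not pin cli_version")
```

Run over the files in `.github/workflows/` in CI, a non-empty result can fail the build so a floating CLI version is caught before a deployment.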