docs: security hardening info for actions untrusted content

[wrslatz]

Why:

The Security hardening for GitHub Actions documentation currently has no content or recommendations covering untrusted contents being checked out and executed in Actions workflow runs. Someone recently shared the Grafana GitHub Actions Security Incident write up from StepSecurity and I went to share the hardening guide with them only to not find any recommendations covering this case. I did share https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ with them, but this was harder to find since it is not in the GitHub docs. I expected this security issue to be covered in the docs since untrusted input and third-party Actions, which have similar implications, are covered in the same docs already.

What's being changed (if available, include any code snippets, screenshots, or gifs):

Document the risks and recommended hardening mitigations for untrusted content being checked out and executed in GitHub Actions pull requests.

Check off the following:

• [ ] A subject matter expert (SME) has reviewed the technical accuracy of the content in this PR. In most cases, the author can be the SME. Open source contributions may require an SME review from GitHub staff.
• [ ] The changes in this PR meet the docs fundamentals that are required for all content.
• [ ] All CI checks are passing and the changes look good in the review environment.