chore: pin GitHub Actions to SHA (PDE-215)

Open corneliusludmann opened this issue 1 month ago • 1 comment

Pin all external GitHub Actions to specific commit SHAs for supply chain security.

Changes

27 unique actions pinned (~100 references across 22 workflow files):

  • actions/cache@v3
  • actions/checkout@master, @v2, @v4
  • actions/github-script@v6, @v7
  • actions/setup-go@v2
  • actions/setup-java@v4
  • actions/stale@v9
  • actions/upload-artifact@v4
  • authzed/[email protected]
  • BetaHuhn/repo-file-sync-action@v1
  • bufbuild/buf-breaking-action@v1
  • bufbuild/buf-lint-action@v1
  • bufbuild/buf-setup-action@v1
  • configcat/scan-repository@v2
  • docker/login-action@v3
  • FedericoCarboni/setup-ffmpeg@v1
  • filiptronicek/get-last-job-status@main
  • google-github-actions/auth@v1
  • imjasonh/[email protected]
  • KeisukeYamashita/create-comment@v1
  • peter-evans/create-pull-request@v6
  • rtCamp/action-slack-notify@v2
  • slackapi/[email protected]
  • test-summary/action@v2
  • transferwise/sanitize-branch-name@v1

Exceptions

Related

corneliusludmann, Dec 10 '25 10:12
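The PR pins every external action to a full commit SHA because a tag such as `@v4` or a branch such as `@master` is a mutable pointer: whoever controls the upstream repository can re-point it at different code without any change in the consuming workflow. A 40-character commit SHA cannot be moved. The check below is an added example, not code from this PR or from the gitpod project: it scans the `uses:` lines of a workflow file and reports references that are not pinned to a full SHA, plus SHA pins that lack the trailing `# vN` comment that tools like Dependabot rely on to keep the pin updated. The sample workflow, its step names and the all-zero / all-one SHAs are constructed placeholders; the regex assumes the usual one-`uses:`-per-line layout rather than parsing the full YAML.

```python
"""Report unpinned GitHub Actions references in a workflow file.

Added example (not part of the gitpod PR). Classifies each `uses:` target as:
  sha      - pinned to a full 40-hex commit SHA (immutable)
  mutable  - tag, branch, or no ref at all (upstream can move it)
  local    - ./path action that travels with the repository commit
  docker   - docker:// image; pinning there means an image digest, not a SHA
"""
import re
from dataclasses import dataclass
from typing import List

# Line-oriented match for `- uses: owner/repo@ref  # optional comment`
USES_RE = re.compile(
    r'^\s*(?:-\s*)?uses:\s*["\']?(?P<target>[^\s"\'#]+)["\']?'
    r'\s*(?:#\s*(?P<comment>.*?))?\s*$'
)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


@dataclass
class UsesRef:
    line_no: int
    target: str   # e.g. actions/checkout@v4
    kind: str     # "sha" | "mutable" | "local" | "docker"
    comment: str  # trailing "# v4"-style comment, empty if absent


def classify(target: str) -> str:
    """Decide how a `uses:` target is pinned."""
    if target.startswith("./"):
        return "local"
    if target.startswith("docker://"):
        return "docker"
    if "@" not in target:
        return "mutable"  # no ref at all resolves to the default branch
    _, ref = target.rsplit("@", 1)
    return "sha" if FULL_SHA_RE.match(ref) else "mutable"


def scan_workflow(text: str) -> List[UsesRef]:
    """Extract every `uses:` reference with its line number and classification."""
    refs = []
    for n, line in enumerate(text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target = m.group("target")
        refs.append(UsesRef(n, target, classify(target), m.group("comment") or ""))
    return refs


def findings(text: str) -> List[str]:
    """Human-readable findings: unpinned refs and SHA pins with no version comment."""
    out = []
    for r in scan_workflow(text):
        if r.kind == "mutable":
            out.append(f"line {r.line_no}: {r.target} is not pinned to a full commit SHA")
        elif r.kind == "sha" and not r.comment:
            out.append(f"line {r.line_no}: {r.target} is pinned but has no version comment")
    return out


# Constructed sample workflow; the SHAs are placeholders, not real commits.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-go@master
      - uses: actions/cache@0000000000000000000000000000000000000000 # v3 (placeholder SHA)
      - uses: actions/upload-artifact@1111111111111111111111111111111111111111
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
      - name: run
        run: echo hi
"""

if __name__ == "__main__":
    for f in findings(SAMPLE_WORKFLOW):
        print(f)
```

Run against the sample it reports the two tag/branch references and the SHA pin without a version comment, and ignores the local and `docker://` steps; point it at each file under `.github/workflows/` to verify a change like this one left no mutable references behind.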

:warning: Hey reviewer! BE CAREFUL :warning: Review the code before opening in your Gitpod. .gitpod.yml was changed and it might be harmful.

github-actions[bot], Dec 10 '25 10:12