trufflehog
[Documentation] Fix Security Risks
Description:
The documentation recommended putting insecure code into GH Actions workflows; this lit up like a Christmas tree in CodeQL in my environment. This PR fixes the recommended configuration so that injection/takeover attacks are not the recommended default.
Changes:
- Update least privilege to read only for GH Actions example.
- Add blurb about least permission.
- Fix an injection attack that is possible with specially crafted PRs and commits, which allows threat actors to run malicious commands in the GH Actions execution context.
- Update GH Action version to the latest version.
- Change the @main reference to a SHA hash placeholder, as @main is also a risk for execution takeover; only pinned commits should be used for actions.
Checklist:
Readme change only, no code changes in the project.
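The three hardening points in the change list (read-only token permissions, no expression injection from PR or commit data, and pinning the action to a commit SHA) as one workflow. This is an added illustration, not the README text from this PR or the project's own workflow; the trufflehog step's inputs (`path`, `base`, `head`) are assumed from the action's own action.yml, and `<pinned-commit-sha>` is a placeholder the reader replaces with a real full-length commit SHA.

```yaml
name: Secret scan (hardened example)

on:
  pull_request:
  push:
    branches: [main]

# Least privilege: the default GITHUB_TOKEN only needs to read the repository.
# Anything not listed here is "none". Do not use write-all or leave this unset.
permissions:
  contents: read

jobs:
  scan:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        # Pinned to a commit SHA, not a mutable tag or branch. Placeholder value.
        uses: actions/checkout@<pinned-commit-sha> # vX.Y.Z noted for humans
        with:
          fetch-depth: 0

      - name: Show PR title (safe form)
        # WEAK form (do not use):
        #   run: echo "Scanning PR: ${{ github.event.pull_request.title }}"
        # The expression is substituted into the script *before* the shell runs,
        # so a crafted title such as  x"; <attacker command> ;#  becomes shell code.
        #
        # SAFE form: hand the untrusted value to the shell through an environment
        # variable and quote it. The shell then treats it as data, never as code.
        env:
          PR_TITLE: ${{ github.event.pull_request.title }}
        run: |
          printf 'Scanning PR: %s\n' "$PR_TITLE"

      - name: TruffleHog OSS
        # Pinned commit instead of @main so a compromised or force-pushed branch
        # cannot swap the code that runs here. Placeholder value.
        uses: trufflesecurity/trufflehog@<pinned-commit-sha>
        with:
          # Inputs assumed from the action's action.yml.
          path: ./
          base: ${{ github.event.repository.default_branch }}
          head: HEAD
```

The `env:` indirection is the load-bearing part of the injection fix: `${{ ... }}` expressions in `run:` are expanded by the runner into the script text, so any attacker-controlled event field (PR title or body, branch name, commit message, issue title) becomes executable shell. Inputs like `base:` above are fine because they are consumed as action inputs, not spliced into a script, but the same env-variable pattern applies to any value that ends up in a `run:` block.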