Update all actions we use in our workflows to pull from specific pinned commits

[dkotter]

Description of the Change

In order to help protect against compromised actions, instead of including actions based on their major version (like v4), this PR switches all the actions we use to pull based on the commit hash from the latest release.

While this does impact maintenance a bit going forward, it ensures that we we're always using actions that we (hopefully) trust and if an action gets compromised (which happens) we don't have to worry that we're using a compromised action. This also goes along with what GitHub suggests.

How to test the Change

Ensure all our workflows still run as expected

Changelog Entry

Developer - Update all third-party actions our workflows rely on to use versions based on specific commit hashes.

Credits

Props @dkotter, @jeffpaul

Checklist:

• I agree to follow this project's Code of Conduct.
• I have updated the documentation accordingly.
• I have added Critical Flows, Test Cases, and/or End-to-End Tests to cover my change.
• All new and existing tests pass.

[iamdharmesh]

PR changes look good and all actions are passing, except for the following:

• Dependency Review: I'm not entirely sure about this, but it appears to be due to the "MIT License identified as invalid" issue.
• E2E Cypress Tests / WP trunk: These tests are failing because of an insertBlock command issue with WP 6.8 in the Cypress utils library version 0.4.

[dkotter]

Dependency Review: I'm not entirely sure about this, but it appears to be due to the "actions/dependency-review-action#907" issue.

Yes, that does seem like the issue. We've encountered this across multiple plugins now. I've downgraded to an older version and that seems to work for now.

E2E Cypress Tests / WP trunk: These tests are failing because of an insertBlock command issue with WP 6.8 in the Cypress utils library version 0.4.

Update to the latest 0.5.0 release and tests are passing now