Pin GitHub Actions dependencies with commit SHAs and update Dependabot to weekly schedule (#316)

* Initial plan

* Pin GitHub Actions dependencies with commit SHAs and update Dependabot to weekly schedule

- Pin actions/checkout@v4 to specific commit SHA with version comment
- Pin actions/setup-java@v4 to specific commit SHA with version comment
- Update Dependabot to weekly schedule for GitHub Actions
- Group all GitHub Actions updates in single group

Co-authored-by: scordio <[email protected]>

---------

Co-authored-by: copilot-swe-agent[bot] <[email protected]>
Co-authored-by: scordio <[email protected]>

Author: Copilot

.github/dependabot.yml

@@ -11,5 +11,10 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "daily"
+      interval: "weekly"
+      day: "monday"
       time: "02:00"
+    groups:
+      github-actions:
+        patterns:
+          - "*"

.github/workflows/build.yml

@@ -14,11 +14,11 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-      - uses: actions/checkout@v4
+      - uses: actions/checkout@08eba0b27e820071cde6df949e0beb9ba4906955 # v4.3.0
         with:
           fetch-depth: 0
       - name: Set up JDK 21
-        uses: actions/setup-java@v4
+        uses: actions/setup-java@c5195efecf7bdfc987ee8bae7a71cb8b11521c00 # v4.7.1
         with:
           distribution: 'temurin'
           java-version: '21'