Contributor

Copilot AI commented Sep 12, 2025

This PR enhances security by pinning GitHub Actions dependencies to specific commit SHAs and updates the Dependabot configuration to use a weekly update schedule with grouped updates.

Changes Made

GitHub Actions Pinning

  • actions/checkout@v5 → actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8
  • actions/setup-java@v5 → actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165

Both actions have been pinned to their v5.0.0 release commits with inline comments that include only version information:

Example of the new format:

- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0

Commit URLs for verification:

Dependabot Configuration Updates

  • Changed GitHub Actions update schedule from daily to weekly
  • Added grouping configuration to consolidate all GitHub Actions updates into a single PR
  • Maven dependencies remain on daily schedule unchanged

Security Benefits

  • Protects against supply chain attacks by ensuring exact commit verification
  • Commit URLs provide transparency and enable easy verification of action authenticity
  • Weekly grouped updates reduce maintenance overhead while maintaining security

Files Updated

  • .github/workflows/main.yml - All GitHub Actions pinned
  • .github/workflows/release.yml - All GitHub Actions pinned
  • .github/dependabot.yml - Updated schedule and grouping

Fixes #282.


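A practical way to keep the convention described above from regressing is a lint step that rejects any `uses:` reference that is not a full 40-hex commit SHA followed by a `# vX.Y.Z` comment (the comment is what Dependabot updates alongside the SHA when it bumps a pinned action). The checker below is an added example written for this page, not code from the repository or from the PR. The sample workflow it scans is constructed for illustration and reuses the two SHAs quoted in the description; the treatment of `docker://` images and local `./` actions is the example author's own policy choice, not something the PR specifies.

```python
"""Lint GitHub Actions workflows for commit-SHA pinning.

Hypothetical helper written for this page (not part of the repository
discussed in the PR). For every `uses:` line it requires either a
40-hex commit SHA plus a trailing `# vX.Y.Z` comment, a digest-pinned
docker:// image, or a local ./ action; anything else is reported.
"""
import re
import sys
from dataclasses import dataclass

# One `uses:` line: optional list dash, the reference, optional trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(?P<ref>[^\s#]+)\s*(?:#\s*(?P<comment>.*))?$")
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Accept `v5`, `v5.0`, `v5.0.0`, optionally followed by more text.
VERSION_COMMENT_RE = re.compile(r"^v\d+(\.\d+){0,2}(\s|$)")


@dataclass
class Finding:
    line_no: int
    ref: str
    problem: str


def check_workflow(text: str) -> list[Finding]:
    """Return one Finding per `uses:` line that violates the pinning policy."""
    findings: list[Finding] = []
    for n, line in enumerate(text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group("ref")
        if ref.startswith("./"):
            # Local actions live in this repo; they are reviewed with the code.
            continue
        if ref.startswith("docker://"):
            # Container actions are pinned by image digest, not by git SHA.
            if "@sha256:" not in ref:
                findings.append(Finding(n, ref, "docker action not pinned by digest"))
            continue
        if "@" not in ref:
            findings.append(Finding(n, ref, "no ref at all (floats on default branch)"))
            continue
        _action, pin = ref.rsplit("@", 1)
        if not SHA_RE.fullmatch(pin):
            findings.append(Finding(n, ref, "pinned to mutable tag/branch, not a commit SHA"))
            continue
        comment = (m.group("comment") or "").strip()
        if not VERSION_COMMENT_RE.match(comment):
            findings.append(Finding(n, ref, "SHA pin missing '# vX.Y.Z' version comment"))
    return findings


# Constructed sample workflow: lines 7 and 8 reuse the SHAs from the PR
# description; the remaining steps are invented to exercise each rule.
SAMPLE_WORKFLOW = """\
name: CI
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
      - uses: actions/setup-java@dded0888837ed1f317902acf8a20df0ad188d165
      - uses: actions/cache@v4
      - uses: some-org/some-action
      - uses: ./.github/actions/local-step
      - uses: docker://alpine:3.20
"""


def main(paths: list[str]) -> int:
    """Lint the given workflow files (or the embedded sample); non-zero on findings."""
    sources = {p: open(p, encoding="utf-8").read() for p in paths} or {"<sample>": SAMPLE_WORKFLOW}
    total = 0
    for name, text in sources.items():
        for f in check_workflow(text):
            print(f"{name}:{f.line_no}: {f.ref}: {f.problem}")
            total += 1
    return 1 if total else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv[1:]))
```

Run it as `python check_pins.py .github/workflows/*.yml` in a CI job so an unpinned action fails the build. The check is syntactic only: it confirms the reference has the shape of a commit SHA, not that the SHA belongs to the upstream repository or to the tag named in the comment. That second step still has to be done once per update, for example with `git ls-remote https://github.com/actions/checkout v5.0.0` and comparing the output against the pinned SHA, which is the verification the description's "Commit URLs for verification" section is meant to support.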

Contributor Author

Copilot AI commented Sep 12, 2025

@scordio 👋 This repository doesn't have Copilot instructions. With Copilot instructions, I can understand the repository better, work faster and produce higher quality PRs.

I can generate a .github/copilot-instructions.md file for you automatically. Click here to open a pre-filled issue and assign it to me. I'll write the instructions, and then tag you for review.

Copilot AI changed the title from "[WIP] Pin GitHub Actions dependencies, switch to weekly update schedule" to "Pin GitHub Actions dependencies, switch to weekly update schedule" on Sep 12, 2025
Copilot AI requested a review from scordio September 12, 2025 06:48
@scordio
Member

scordio commented Sep 12, 2025

@copilot when I wrote:

each changed line should be commented with the URL pointing to the corresponding commit in the actions repository

I actually meant a comment in the Pull Request, not in the code. The inlined comment should contain the version only, e.g.:

# v5.0.0

Contributor Author

Copilot AI commented Sep 12, 2025

@copilot when I wrote:

each changed line should be commented with the URL pointing to the corresponding commit in the actions repository
...

Updated the inline comments to show only version information (e.g., # v5.0.0). The commit URLs are now documented in the PR description instead. Fixed in commit 947b8e8.

@scordio scordio marked this pull request as ready for review September 12, 2025 07:42
@scordio scordio merged commit 365748f into main Sep 12, 2025
15 checks passed
@scordio scordio deleted the copilot/fix-282 branch September 12, 2025 07:57