Remove third party action references

[ranma2913]

In our GitHub Enterprise we're using the "Allow enterprise, and select non-enterprise, actions and reusable workflows" permission where we must whitelist certain workflows. We got this chainguard-dev/digestabot@* approved, but the following are not:

• imjasonh/setup-crane@31b88ef
• peter-evans/create-pull-request@5e91468

Can we possibly get this action refactored to not depend on community actions?

[cpanato]

can be, but will be more complex