Infra: Pin workflow actions to commit versions

To prevent possible supply chain attacks, we need to pin every 3rd-party action versions to commits.
Instead of
`        uses: actions/checkout@v4` // <- v4 is a mutable tag and can be rewritten with a malicious code
use
`        uses: actions/checkout@1e31de5234b9f8995739874a8ce0492dc87873e2` // <- immutable