Zizmor feedback: Pin actions

Author: Daraan

.github/workflows/ci.yml

@@ -152,6 +152,8 @@ jobs:
 
     steps:
       - uses: actions/checkout@v4
+        with:
+          persist-credentials: false
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
@@ -176,7 +178,7 @@ jobs:
           coverage xml
 
       - name: Code Coverage Report
-        uses: irongut/[email protected]
+        uses: irongut/CodeCoverageSummary@51cc3a756ddcd398d447c044c02cb6aa83fdae95 # v1.3.0
         with:
           filename: coverage.xml
           badge: true
@@ -189,7 +191,7 @@ jobs:
           thresholds: '80 90'
 
       - name: Add Coverage PR Comment
-        uses: marocchino/sticky-pull-request-comment@v2
+        uses: marocchino/sticky-pull-request-comment@52423e01640425a022ef5fd42c6fb5f633a02728  # v2.9.3
         if: github.event_name == 'pull_request'
         with:
           recreate: true