Pin workflow actions versions

[ethangardner]

Summary

Pinned specific SHA versions for the GitHub Actions used in the CI workflows to tighten security posture. Also addressed a minor formatting issue in the README.md that was causing one of the workflows to fail.

Related issue

#6601

Problem statement

Workflow actions throughout the .github/* directory used mutable tags (@v2, @v1). The more secure option is to pin these to specific commit hashes so we know exactly which version is running.

Solution

Pinned each GitHub Action to a specific commit SHA in all workflow files:

• actions/setup-node pinned to 53b83947a5a98c8d113130e565377fae1a50d02f (v6.3.0)
• actions/checkout pinned to de0fac2e4500dabe0009e67214ff5f5447ce83dd (v6.0.2)
• actions/upload-artifact pinned to bbbca2ddaa5d8feaa63e36b76fdaad77386f024f (v7.0.0)

This ensures the workflow uses known versions of the actions, providing stability and predictability for future runs.

[changeset-bot]

⚠️ No Changeset found

Latest commit: 39ea88d

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[annepetersen]

LGTM (with an assist from Peter)