docs: authoring CI workflows for trestle-bot section in contributing guide

[hbraswelrh]

Description

The changes made to the CONTRIBUTING.md guide include a section on "Authoring CI Workflows." The changes outline the importance of using third party actions pinned to hash values for secure maintenance of dependencies and version updates. The changes made highlight the pin generation syntax that references the full length commit SHA associated with the version of the action within the action's repository.

Fixes #317

Type of change

• This change requires a documentation update

How has this been tested?

• The tests run to verify changes were make test, make lint, make develop, and make all from the trestle-bot Makefile.

Test Configuration:

• Firmware version: N40ET47W (1.29)
• Hardware: Lenovo ThinkPad P1 Gen 4i
• Toolchain:
• SDK:

Checklist

• My code follows the style guidelines of this project
• I have performed a self-review of my own code
• I have commented my code, particularly in hard-to-understand areas
• I have made corresponding changes to the documentation
• My changes generate no new warnings
• I have added tests that prove my fix is effective or that my feature works
• New and existing unit tests pass locally with my changes
• Any dependent changes have been merged and published in downstream modules

[jpower432]

Thanks for working on this @hbraswelrh! I left a couple suggestions on content wording.

[hbraswelrh]

Thank you for the feedback! The change of verbiage better represents the purpose of pinning actions to the full length commit SHA. Additionally, using "reference" instead of pin provides a better depiction of what dependabot.yml will use when updating dependencies and versioning.

[jpower432]

Looks good. Might be good to get another review as well from @gvauter.