CI: pin GitHub Actions workflows

[ErikSchierboom]

This PR updates GitHub Actions workflows to a specific version.
This ensures that the workflow will always run the same code, which makes your build stable.
It will also prevent a potential security issue where a tag could be replaced by a malicious commit without consumers being aware of it.

The PR updates each non-SHA based workflow reference with the SHA of the referenced version/tag, so the current behavior should not change.

See https://exercism.org/docs/building/github/gha-best-practices#h-pin-actions-to-shas for more information.

[github-actions]

Thank you for contributing to exercism/elixir 💜 🎉. This is an automated PR comment 🤖 for the maintainers of this repository that helps with the PR review process. You can safely ignore it and wait for a maintainer to review your changes.

Based on the files changed in this PR, it would be good to pay attention to the following details when reviewing the PR:

• General steps
  • 🏆 Does this PR need to receive a label with a reputation modifier (x:size/{tiny,small,medium,large,massive})? (A medium reputation amount is awarded by default, see docs)

---

Automated comment created by PR Commenter 🤖.

[angelikatyborska]

Did you check whether dependabot will respect this convention out of the box? Usually its PRs update tags #1383

[ErikSchierboom]

Did you check whether dependabot will respect this convention out of the box?

Yes. We've been using this for a couple of years now and it works well (if you'd like, you could even add a version comment at the end and that will be updated too).