
chore: pin third-party GitHub Actions to commit SHAs #613

Merged: mahangu merged 1 commit into main from chore/devprod-1072-pin-actions-shas on Jun 8, 2026


mahangu commented Jun 2, 2026

Pins third-party GitHub Actions in this repo to immutable commit SHAs.

Tracking: DEVPROD-1072

Repo-level summary:

  • Pinned distinct third-party action refs in this PR: 5
  • Repo-level unpinned usage count from the trunk recheck: 45
  • Dependabot GitHub Actions coverage: created (.github/dependabot.yml)

Known label limitations:

  • DeterminateSystems/magic-nix-cache-action keeps # v13 because no more specific same-major tag was found.
  • DeterminateSystems/nix-installer-action keeps # v18 and # v22 because no more specific same-major tags were found.

Verification commands:

# DeterminateSystems/magic-nix-cache-action # v13 -> 565684385bcd71bad329742eefe8d12f2e765b39
gh api repos/DeterminateSystems/magic-nix-cache-action/commits/v13 --jq '.sha'
# expected: 565684385bcd71bad329742eefe8d12f2e765b39

# DeterminateSystems/nix-installer-action # v18 -> c723f3a885e3f1d866d91f4f0c33dd44b1fc7c60
gh api repos/DeterminateSystems/nix-installer-action/commits/v18 --jq '.sha'
# expected: c723f3a885e3f1d866d91f4f0c33dd44b1fc7c60

# DeterminateSystems/nix-installer-action # v22 -> ef8a148080ab6020fd15196c2084a2eea5ff2d25
gh api repos/DeterminateSystems/nix-installer-action/commits/v22 --jq '.sha'
# expected: ef8a148080ab6020fd15196c2084a2eea5ff2d25

# erlef/setup-beam # v1.24.0 -> fc68ffb90438ef2936bbb3251622353b3dcb2f93
gh api repos/erlef/setup-beam/commits/v1.24.0 --jq '.sha'
# expected: fc68ffb90438ef2936bbb3251622353b3dcb2f93

# peaceiris/actions-gh-pages # v4.1.0 -> 84c30a85c19949d7eee79c4ff27748b70285e453
gh api repos/peaceiris/actions-gh-pages/commits/v4.1.0 --jq '.sha'
# expected: 84c30a85c19949d7eee79c4ff27748b70285e453

mahangu self-assigned this Jun 2, 2026
mahangu requested a review from brandonpayton June 2, 2026 13:09
mahangu marked this pull request as ready for review June 2, 2026 13:09
mahangu merged commit 87b410b into main Jun 8, 2026
17 checks passed
mahangu deleted the chore/devprod-1072-pin-actions-shas branch June 8, 2026 08:33
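
The kind of recheck the description refers to, as an added example that is not code from this PR or its repository: it classifies each `uses:` reference in a workflow as pinned (full 40-character commit SHA), unpinned (tag, branch or abbreviated SHA) or skipped (local or container reference), and rebuilds the `gh api` verification command for pinned refs that carry a tag label. The function names, the sample workflow and `example-org/some-action` are assumptions made for illustration.

```python
import re

# `uses: owner/repo[/path]@ref  # label` as a step or job key; commented-out lines do not match.
USES_RE = re.compile(
    r"^\s*(?:-\s*)?uses:\s*['\"]?(?P<target>[^\s'\"#]+)['\"]?\s*(?:#\s*(?P<label>\S+))?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")

def audit_uses(workflow_text):
    """Classify every `uses:` reference found in a workflow file's text."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        target, label = m.group("target"), m.group("label")
        if target.startswith(("./", "docker://")):
            repo, ref, status = None, None, "skipped"  # local action or container image
        else:
            path, _, ref = target.partition("@")
            repo = "/".join(path.split("/")[:2])  # drop any sub-path inside the repo
            # Only a full 40-hex commit SHA is immutable; tags and branches can
            # be moved, and an abbreviated SHA is not accepted as a pin here.
            status = "pinned" if FULL_SHA_RE.match(ref) else "unpinned"
        findings.append({"line": lineno, "repo": repo, "ref": ref,
                         "label": label, "status": status})
    return findings

def verification_command(finding):
    """Rebuild the PR's `gh api` check for a pinned ref that carries a tag label."""
    if finding["status"] != "pinned" or not finding["label"]:
        return None
    return f"gh api repos/{finding['repo']}/commits/{finding['label']} --jq '.sha'"

# Constructed sample workflow; the pinned lines reuse SHAs listed in the PR description,
# and example-org/some-action is a hypothetical action.
SAMPLE = """\
steps:
  - uses: example-org/some-action@v2
  - uses: erlef/setup-beam@fc68ffb90438ef2936bbb3251622353b3dcb2f93 # v1.24.0
  - uses: DeterminateSystems/nix-installer-action@ef8a148080ab6020fd15196c2084a2eea5ff2d25 # v22
  - uses: peaceiris/actions-gh-pages@84c30a8
  - uses: ./.github/actions/local-setup
"""

if __name__ == "__main__":
    for f in audit_uses(SAMPLE):
        print(f["line"], f["status"], f["repo"], verification_command(f) or "")
```

The output of each generated command is compared with the SHA in the `uses:` line; a mismatch means the label comment no longer describes the pinned commit.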