[DEV-72] chore: pin GitHub Actions to commit SHAs #133

Closed

austinpray-mixpanel wants to merge 2 commits into master from pin-actions-to-sha

Conversation

austinpray-mixpanel (Member) commented Mar 24, 2026

Summary

Pin all GitHub Actions workflow steps to immutable full commit SHAs instead of mutable tags or branches.

Why

Mutable tags can be moved after the fact, making it possible for a supply-chain attack to inject malicious code into CI. Pinning to a commit SHA ensures the exact version of an action is used, and the original tag is preserved as an inline comment for readability.

Verification

Review the diff: all `uses:` lines with third-party actions should now reference a 40-character commit SHA with the original tag as an inline comment.

🤖 Generated with Claude Code

Linear: https://linear.app/mixpanel/issue/DEV-72/pin-all-github-actions-to-commit-shas
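The check described in the Verification section above, written out as an added example; this is not code from the PR or from the Mixpanel repository, and the sample workflow, the action names and the 40-hex SHA in it are constructed for illustration. The script scans a workflow for `uses:` lines, skips local (`./`) and `docker://` references, and flags every third-party action that is not pinned to a full commit SHA, as well as SHA-pinned actions whose tag comment is missing.

```python
import re

# Constructed sample workflow (not the PR's diff). It mixes a mutable tag,
# a full-SHA pin with its tag comment, a local action, a docker reference
# and a short SHA, so each branch of the checker is exercised.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-python@0123456789abcdef0123456789abcdef01234567 # v5.0.0
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.20
      - uses: some-org/some-action@abc1234
"""

# Matches "- uses: <ref>" or "uses: <ref>", with an optional trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*(\S+)(?:\s*#\s*(.*))?\s*$")
# A full commit SHA is exactly 40 lowercase hex characters.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def check_uses_lines(workflow_text):
    """Classify every uses: line in a workflow.

    Returns a list of (line_number, ref, status) where status is one of:
      'ok'              third-party action pinned to a full SHA with a tag comment
      'no-tag-comment'  full SHA, but the human-readable tag comment is missing
      'mutable'         tag, branch or short SHA: the reference can be moved
      'skipped'         local path or docker:// reference, not a GitHub ref
    """
    results = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), m.group(2)
        if ref.startswith("./") or ref.startswith("docker://"):
            results.append((lineno, ref, "skipped"))
            continue
        if "@" not in ref:
            # No version at all resolves to the default branch: mutable.
            results.append((lineno, ref, "mutable"))
            continue
        _, version = ref.rsplit("@", 1)
        if FULL_SHA_RE.match(version):
            results.append((lineno, ref, "ok" if comment else "no-tag-comment"))
        else:
            results.append((lineno, ref, "mutable"))
    return results


def unpinned(workflow_text):
    """Return (line_number, ref) for every line a reviewer should reject."""
    return [
        (n, r)
        for n, r, s in check_uses_lines(workflow_text)
        if s in ("mutable", "no-tag-comment")
    ]


if __name__ == "__main__":
    for lineno, ref, status in check_uses_lines(SAMPLE_WORKFLOW):
        print(f"line {lineno:>3}  {status:<15} {ref}")
    print("unpinned:", unpinned(SAMPLE_WORKFLOW))
```

Two caveats worth keeping in mind when relying on a check like this: the tag in the comment is documentation only, so nothing stops it drifting away from the SHA it sits next to unless a bot such as Dependabot or Renovate is updating both together; and a SHA pin covers only that action's own repository, not the actions or container images it pulls in through its own `uses:` lines or Dockerfile.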

@austinpray-mixpanel austinpray-mixpanel requested review from a team and ketanmixpanel March 24, 2026 03:46
codecov bot commented Mar 24, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 96.64%. Comparing base (a780e93) to head (cabda15).

Additional details and impacted files
@@           Coverage Diff           @@
##           master     #133   +/-   ##
=======================================
  Coverage   96.64%   96.64%           
=======================================
  Files          14       14           
  Lines         655      655           
=======================================
  Hits          633      633           
  Misses         22       22           
Flag Coverage Δ
openfeature 100.00% <0.00%> (ø)


@austinpray-mixpanel austinpray-mixpanel requested review from a team, grodr and krishna16v and removed request for a team March 24, 2026 14:04
@austinpray-mixpanel austinpray-mixpanel changed the title chore: pin GitHub Actions to commit SHAs [DEV-72] chore: pin GitHub Actions to commit SHAs Mar 24, 2026
linear bot commented Mar 24, 2026

@gmasnica gmasnica self-requested a review March 24, 2026 23:11
@gmasnica gmasnica removed the request for review from krishna16v March 24, 2026 23:18
@jinhyoo-mp jinhyoo-mp closed this May 5, 2026