ci: pin GitHub Actions to commit SHAs

[vgeorge]

Summary

• Pin all GitHub Actions to immutable commit SHAs
• Add Dependabot config for automatic GitHub Actions updates

Details

Addresses zizmor unpinned-uses findings. GitHub Actions referenced by tag are vulnerable to tag mutation attacks.

Workflow changes:

• conventional-commit.yml: 1 action pinned
• checks.yml: 15 actions pinned
• release.yml: 7 actions pinned

New file:

• .github/dependabot.yml: Weekly updates for github-actions

Fixes #1973

[netlify]

✅ Deploy Preview for veda-ui ready!

Name	Link
🔨 Latest commit	8df06df
🔍 Latest deploy log	https://app.netlify.com/projects/veda-ui/deploys/69d3cd02e306a8000833ba01
😎 Deploy Preview	https://deploy-preview-1976--veda-ui.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[vgeorge]

We recently bumped the actions version in #1985.

Since this workflow relies on standard GitHub Actions that are already kept up to date, I’m not sure this additional change is necessary.