[Aikido] AI Fix for 3rd party Github Actions should be pinned

[aikido-autofix]

This patch mitigates a potential supply chain attack by pinning the version of third-party Github Actions to their commit SHA.

Aikido used AI to generate this PR.

High confidence: Aikido has a robust set of benchmarks for similar fixes, and they are proven to be effective.

[github-actions]

Qodana for JVM

5 new problems were found

Inspection name	Severity	Problems
Private property naming convention	◽️ Notice	2
Duplicated code fragment	◽️ Notice	1
If-Then foldable to '?:'	◽️ Notice	1
Call chain on collection type can be simplified	◽️ Notice	1

💡 Qodana analysis was run in the pull request mode: only the changed files were checked

View the detailed Qodana report

To be able to view the detailed Qodana report, you can either:

• Register at Qodana Cloud and configure the action
• Use GitHub Code Scanning with Qodana
• Host Qodana report at GitHub Pages
• Inspect and use qodana.sarif.json (see the Qodana SARIF format for details)

To get *.log files or any other Qodana artifacts, run the action with upload-result option set to true,
so that the action will upload the files as the job artifacts:

      - name: 'Qodana Scan'
        uses: JetBrains/qodana-action@v2024.2.3
        with:
          upload-result: true

Contact Qodana team

Contact us at qodana-support@jetbrains.com

• Or via our issue tracker: https://jb.gg/qodana-issue
• Or share your feedback: https://jb.gg/qodana-discussions