fix: pin GitHub Actions to SHA hashes

[koralkulacoglu]

🔒 Security: Pin GitHub Actions to SHA hashes

This PR pins GitHub Actions to their SHA hashes to improve security by preventing potential supply chain attacks through tag mutation.

Task: DX-1985

One-Pager: Automatic SHA Pinner One-Pager

📊 Summary

• 3 action references pinned to SHA hashes
• 2 workflow files updated

📝 Changes Made

.github/workflows/ci.yml

• dtolnay/rust-toolchain@v1 → dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9
• Swatinem/rust-cache@v2 → Swatinem/rust-cache@f13886b937689c021905a6b90929199931d60db1

.github/workflows/publish.yml

• dtolnay/rust-toolchain@v1 → dtolnay/rust-toolchain@e97e2d8cc328f1b50210efc529dca0028893a2d9

🔍 Why this change?

Pinning GitHub Actions to SHA hashes instead of tags provides:

1. Immutability: SHA hashes cannot be changed, preventing malicious updates to existing releases
2. Supply Chain Security: Protects against compromised action maintainer accounts
3. Compliance: Aligns with security best practices for CI/CD pipelines

🧪 Testing

• Verify all workflows still function correctly
• Check that no functionality is broken by the pinned versions

❓ Questions?

If you have any questions about this change, feel free to ask the dev-ex team in #notify-dev-ex.

📚 References

• GitHub Security Hardening Guide
• OSSF Security Best Practices

---

🤖 This PR was automatically generated by the SHA Pinner Audit tool.