Closed
Description
Similar to:
- Pin GitHub Actions dependencies, switch to weekly update schedule assertj#3932
- Pin GitHub Actions dependencies, switch to weekly update schedule assertj-generator#283
- Pin GitHub Actions dependencies to specific commit SHAs assertj-eclipse-collections#10
The GitHub Actions dependency versions should be pinned with the commit SHA, and a corresponding comment should be added inline to track the version, for example:
- uses: oracle-actions/setup-java@v1
+ uses: oracle-actions/setup-java@b1546e588c27008e88bfcabda44d11c22316b9b8 # v1.4.2
To aid the review, the pull request description should contain the URL pointing to the corresponding commit of each changed action, proving the SHA authenticity.
Additionally, the Dependabot configuration should be updated to group all GitHub Actions upgrades in a single group, and that group should have a weekly schedule.
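As an added example (not code from this issue or from the assertj projects), the following Python check scans a workflow file for `uses:` steps and flags any remote action that is not pinned to a full 40-hex commit SHA with a trailing `# vX.Y.Z` comment; the sample workflow is constructed and reuses the setup-java SHA quoted above.

```python
import re
from typing import List, Tuple

# Matches a remote action reference: owner/repo[/path]@ref with an optional trailing comment.
USES_RE = re.compile(
    r"^\s*-?\s*uses:\s*(?P<action>[\w.-]+/[\w.-]+(?:/[\w./-]+)?)@(?P<ref>[^\s#]+)"
    r"(?:\s*#\s*(?P<comment>.*))?\s*$"
)
SHA_RE = re.compile(r"^[0-9a-f]{40}$")            # full commit SHA, not a short one
VERSION_COMMENT_RE = re.compile(r"^v?\d+(?:\.\d+)*")  # e.g. "v1.4.2" or "4.1.0"

def check_workflow(text: str) -> List[Tuple[int, str]]:
    """Return (line_number, problem) for each remote `uses:` step that is not
    pinned to a full commit SHA with an inline version comment."""
    problems: List[Tuple[int, str]] = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        stripped = line.strip()
        if not stripped.startswith(("uses:", "- uses:")):
            continue
        target = stripped.split("uses:", 1)[1].strip()
        # Local actions and docker:// images have no upstream commit to pin.
        if target.startswith(("./", "docker://")):
            continue
        m = USES_RE.match(line)
        if not m:
            problems.append((lineno, "unparseable or unpinned `uses:` reference"))
            continue
        ref, comment = m.group("ref"), m.group("comment")
        if not SHA_RE.match(ref):
            problems.append((lineno, f"ref '{ref}' is a tag or branch, not a 40-hex commit SHA"))
        elif not (comment and VERSION_COMMENT_RE.match(comment.strip())):
            problems.append((lineno, "SHA pin lacks a trailing '# vX.Y.Z' version comment"))
    return problems

# Constructed sample workflow: one tag pin, one correct SHA pin, one SHA pin without a comment.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: oracle-actions/setup-java@b1546e588c27008e88bfcabda44d11c22316b9b8 # v1.4.2
      - uses: oracle-actions/setup-java@b1546e588c27008e88bfcabda44d11c22316b9b8
      - uses: ./.github/actions/local-step
      - run: ./mvnw -B verify
"""

if __name__ == "__main__":
    for lineno, problem in check_workflow(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {problem}")
```

Running the check against the sample reports lines 7 and 9; the local action on line 10 is skipped because it has no upstream commit to pin.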