Pin GitHub workflow actions to immutable commit SHAs

[Copilot]

This PR hardens GitHub workflows by replacing floating action tags with commit-pinned references. It removes version-drift risk from CI and scheduled automation by making action resolution deterministic.

• Scope

  • Updated all uses: entries in repository workflows that referenced mutable tags (v4, v8, v6.0.0).

• Workflow updates

  • .github/workflows/build.yml
    • actions/checkout@v4 → pinned commit (# v4.3.1)
    • actions/cache@v4 → pinned commit (# v4.3.0)
    • SonarSource/sonarqube-scan-action@v6.0.0 → pinned commit (# v6.0.0)
  • .github/workflows/stale.yml
    • actions/stale@v8 → pinned commit (# v8.0.0)
  • .github/workflows/no-response.yml
    • actions/stale@v8 → pinned commit (# v8.0.0)

• Pattern applied

  • Kept human-readable version context via inline comments while enforcing immutable refs, using exact version tags for each pinned SHA.

- uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4.3.1

[infeo]

@copilot Use the exact version in the inline comments. If only the major version is specified, use the most recent version with the same major version number.

[Copilot]

@copilot Use the exact version in the inline comments. If only the major version is specified, use the most recent version with the same major version number.

Updated the inline comments to exact versions for the pinned SHAs in all affected workflows (v4.3.1, v4.3.0, and v8.0.0). Fixed in commit 6d3c417.