Pin to SHAs all GitHub actions

[pmashchenskiy]

This PR introduces the following changes:

• Pins to SHAs all GitHub actions
• Bump versions to avoid deprecated Node.js 20 actions
• Adds dependabot to update actions monthly

[Copilot]

Pull request overview

This PR hardens the repository’s GitHub Actions usage by pinning all referenced actions to immutable commit SHAs, while also introducing Dependabot automation to keep those pins updated over time.

Changes:

• Pinned actions/checkout (and refreshed Docker-related actions in the release workflow) to specific commit SHAs.
• Updated Docker GitHub Action references to newer versions (via updated SHAs) to stay current with upstream runtime/support changes.
• Added a Dependabot configuration to check GitHub Actions updates on a monthly schedule (grouped into a single PR stream).

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
.github/workflows/release.yaml	Pins all used actions to SHAs and updates Docker action SHAs/versions for the release pipeline.
.github/workflows/build.yaml	Pins the checkout action to a SHA for the build pipeline.
.github/dependabot.yml	Adds monthly Dependabot updates for GitHub Actions (grouped) to keep pins maintained.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.