ci: Tweaks to improve supply-chain security in GitHub Actions

[Pr0methean]

Fixes #530, #531, #532.

[gemini-code-assist]

Note

Gemini is unable to generate a summary for this pull request due to the file types involved not being currently supported.

[amazon-q-developer]

Summary

This PR implements GitHub Actions supply chain hardening measures, which is excellent for security. The changes include:

• ✅ Added step-security/harden-runner to all jobs for outbound call auditing
• ✅ Pinned all GitHub Actions to specific commit SHAs instead of version tags
• ✅ Added a new dependency_review job for dependency security scanning
• ✅ Improved concurrency group configuration for better PR handling

Critical Issue Found:

• Version Inconsistency: The dependency_review job uses actions/checkout@v4.3.1 while all other jobs use actions/checkout@v6.0.1. This inconsistency should be resolved for security and compatibility.

Note on PR Title:
The PR title should follow Conventional Commits format as specified in the project guidelines (e.g., chore: implement github actions supply chain hardening).

Overall, this is a valuable security improvement that enhances the project's supply chain security posture.

---

You can now have the agent implement changes and create commits directly on your pull request's source branch. Simply comment with /q followed by your request in natural language to ask the agent to make changes.

[Pr0methean]

DevSkim apparently failed to trigger on this PR, but should be able to run on it once #548 is merged.