Pin 3rd-party actions to SHA1

[fbricon]

Hi!

Following the GH Action Security Hardening guide we should use the commit SHA instead of the branch or tag for any third-party untrusted action.

This PR was submitted by a script.

[openshift-ci]

[APPROVALNOTIFIER] This PR is NOT APPROVED

This pull-request has been approved by:
Once this PR has been reviewed and has the lgtm label, please assign sadlerap for approval. For more information see the Kubernetes Code Review Process.

The full list of commands accepted by this bot can be found here.

Needs approval from an approver in each of these files:

• OWNERS

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

[codecov]

Codecov Report

Merging #1389 (a379ffe) into master (b1e2997) will not change coverage.
The diff coverage is n/a.

Additional details and impacted files

@@           Coverage Diff           @@
##           master    #1389   +/-   ##
=======================================
  Coverage   58.21%   58.21%           
=======================================
  Files          35       35           
  Lines        3011     3011           
=======================================
  Hits         1753     1753           
  Misses       1090     1090           
  Partials      168      168           

---

Continue to review full report in Codecov by Sentry.

Legend - Click here to learn more
Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update b1e2997...a379ffe. Read the comment docs.

[fbricon]

Due to some limitations of the GitHub API, my script can only generate 1 file change per commit. Feel free to squash the PR

[sadlerap]

/lgtm