
Pin GitHub action versions #9688

Merged: tobias-tengler merged 2 commits into main from tte/pin-action-versions, May 12, 2026

@tobias-tengler (Member)

No description provided.

Copilot AI review requested due to automatic review settings May 12, 2026 16:11
Copilot AI (Contributor) left a comment

Pull request overview

Pins GitHub Actions used across the repository’s workflows to immutable commit SHAs to improve supply-chain security and ensure deterministic workflow execution.

Changes:

  • Replaced tag-based uses: owner/action@vX references with pinned commit SHAs (with inline version comments) in release, CI, coverage, labeling, benchmarks, and website publish workflows.
  • Pinned both first-party (ChilliCream/*) and third-party actions (actions/*, docker/*, azure/*, codecov/*, NuGet/*, github/*) consistently.

Reviewed changes

Copilot reviewed 8 out of 8 changed files in this pull request and generated no comments.

| File | Description |
| --- | --- |
| .github/workflows/release.yml | Pins all actions involved in release, packaging, signing, and publishing steps to commit SHAs. |
| .github/workflows/publish-website.yml | Pins checkout, docker, node, cache, build/push, and Azure deploy actions to commit SHAs. |
| .github/workflows/pr-labeler.yml | Pins the PR labeler action to a commit SHA. |
| .github/workflows/issue-labeler.yml | Pins the issue labeler action to a commit SHA. |
| .github/workflows/coverage.yml | Pins checkout/setup-dotnet/docker login/artifact/codecov actions used for coverage to commit SHAs. |
| .github/workflows/ci.yml | Pins all actions used throughout CI jobs (checkout, node, cache, docker, artifacts, codecov, nitro validate) to commit SHAs. |
| .github/workflows/ci-cleanup.yml | Pins checkout action used by the cache cleanup workflow to a commit SHA. |
| .github/workflows/benchmarks.yml | Pins github-script, checkout, artifact download/upload actions used by benchmarks to commit SHAs. |


@tobias-tengler tobias-tengler merged commit d37fcea into main May 12, 2026
138 of 141 checks passed
@tobias-tengler tobias-tengler deleted the tte/pin-action-versions branch May 12, 2026 16:26