chore(ci): Pin GitHub Actions to immutable SHAs while preserving Dependabot tag tracking

[Copilot]

Description

Pin all GitHub Actions uses: references in CI workflow files to exact immutable commit SHAs, while preserving the human-readable version tag in an inline comment so Dependabot can continue detecting and proposing upstream version updates.

Before:

uses: actions/checkout@v6

After:

uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6

Files changed: .github/workflows/nodejs.yml, .github/workflows/release.yml

Resolves or fixes issue: #1530

AI Tool Disclosure

• My contribution does not include any AI-generated content
• My contribution includes AI-generated content, as disclosed below:
  • AI Tools: GitHub Copilot
  • LLMs and versions: Claude Sonnet 4.5
  • Prompts: Pin GitHub Actions to commit SHAs while keeping tag comments for Dependabot compatibility

Affirmation

• My code follows the CONTRIBUTING.md guidelines

[codacy-production]

Up to standards ✅

🟢 Issues 0 issues

Results:
0 new issues

View in Codacy

🟢 Coverage ∅ diff coverage · +0.00% coverage variation

Metric	Results
Coverage variation	✅ +0.00% coverage variation
Diff coverage	✅ ∅ diff coverage (80.00%)

View coverage diff in Codacy

Coverage variation details

	Coverable lines	Covered lines	Coverage
Common ancestor commit (6d30e9b)	2895	2682	92.64%
Head commit (dcfe1b3)	2895 (+0)	2682 (+0)	92.64% (+0.00%)

Coverage variation is the difference between the coverage for the head and common ancestor commits of the pull request branch: <coverage of head commit> - <coverage of common ancestor commit>

Diff coverage details

	Coverable lines	Covered lines	Diff coverage
Pull request (#1531)	0	0	∅ (not applicable)

Diff coverage is the percentage of lines that are covered by tests out of the coverable lines that the pull request added or modified: <covered lines added or modified>/<coverable lines added or modified> * 100%

_{TIP This summary will be updated as you push new changes. Give us feedback}