Pin GitHub Actions to SHAs [SRE-1802]

[tylergohl]

Summary

Pin GitHub Actions references in this repo to immutable commit SHAs (with the original tag/branch preserved in a trailing comment). Part of SRE-1802 — org-wide supply-chain hardening.

Scope

This PR pins:

• Internal ctrliq/* reusable workflow and action references
• External actions not handled by clo-ciq's parallel Node 20 effort

No actions in this repo were claimed by clo-ciq's effort — this PR pins everything.

Files touched

• .github/workflows/devel_images.yml

Test plan

• Workflow runs succeed on this branch (or on next trigger after merge)
• Once this and any companion clo-ciq PR merge, this repo has zero unpinned external/internal refs and sha_pinning_required can be enabled on it

[Copilot]

Pull request overview

This PR hardens the repository’s GitHub Actions supply chain by pinning previously tag-referenced third-party actions to immutable commit SHAs in the development image build workflow, aligning with the org-wide action pinning effort (SRE-1802).

Changes:

• Pinned Kaven-Universe/github-action-current-date-time from @v1 to a commit SHA (retaining the version as an inline comment).
• Pinned benjlevesque/short-sha from @v3.0 to a commit SHA (retaining the version as an inline comment).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.