[SEC-7924] chore: pin third-party GitHub Actions to commit SHAs

Pin all third-party GitHub Actions to full-length commit SHAs to prevent
supply chain attacks. Addresses findings from the
third-party-action-not-pinned-to-commit-sha Semgrep rule.

Author: pkaeding

.github/workflows/release-please.yml

@@ -11,7 +11,7 @@ jobs:
     outputs:
       release_created: ${{ steps.release.outputs.release_created }}
     steps:
-      - uses: googleapis/release-please-action@v4
+      - uses: googleapis/release-please-action@16a9c90856f42705d54a6fda1823352bdc62cf38 # v4
         id: release
         with:
           token: ${{secrets.GITHUB_TOKEN}}