Pin actions/checkout@v1 to SHA, switch dependabot to monthly

Pin the i386/debian container checkout to SHA to prevent dependabot
from updating it (v1 is required for that container). Remove the
non-working ignore block and change schedule from weekly to monthly.

Author: rwgk

.github/dependabot.yml

@@ -4,12 +4,8 @@ updates:
   - package-ecosystem: "github-actions"
     directory: "/"
     schedule:
-      interval: "weekly"
+      interval: "monthly"
     groups:
       actions:
         patterns:
           - "*"
-    ignore:
-      - dependency-name: actions/checkout
-        versions:
-          - "<5"

.github/workflows/ci.yml

@@ -778,7 +778,8 @@ jobs:
     timeout-minutes: 90
 
     steps:
-    - uses: actions/checkout@v1  # v1 is required to run inside docker
+    # v1 required for i386/debian container; pinned to SHA to prevent dependabot updates
+    - uses: actions/checkout@544eadc6bf3d226fd7a7a9f0dc5b5bf7ca0675b9  # v1
 
     - name: Install requirements
       run: |