Pin github action dependencies to exact sha

[mdjastrzebski]

Summary

This PR pins all GitHub Action dependencies to their exact commit SHA values instead of mutable version tags (e.g., @v4). This is a security best practice that enhances supply chain protection and ensures reproducible builds by preventing unexpected changes from action maintainers.

Specifically, the following actions have been updated:

• actions/checkout
• actions/setup-node
• actions/cache
• codecov/codecov-action
• peaceiris/actions-gh-pages

Test plan

Verify that all GitHub Actions workflows (e.g., ci.yml, example-apps.yml, website.yml) continue to run successfully after this change. A new push or PR will trigger these workflows.

[codecov]

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 95.49%. Comparing base (77af968) to head (3c1f57d).
Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff             @@
##             main    #1797      +/-   ##
==========================================
+ Coverage   95.34%   95.49%   +0.15%     
==========================================
  Files          94       94              
  Lines        5244     5244              
  Branches      893      577     -316     
==========================================
+ Hits         5000     5008       +8     
+ Misses        244      236       -8     

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.
• 📦 JS Bundle Analysis: Save yourself from yourself by tracking and limiting bundle sizes in JS merges.