chore: pin GitHub Actions to commit SHAs

[bhimrazy]

What does this PR do?

Pins GitHub Actions and reusable workflow references to verified commit SHAs for supply chain security.

Follows the same pattern as Lightning-AI/LitServe#689 and Lightning-AI/pytorch-lightning#21735.

The label-conflicts workflow is intentionally left unchanged.

Pinned references

Action	Release/ref	Commit SHA
actions/checkout	v6.0.2	de0fac2e4500dabe0009e67214ff5f5447ce83dd
astral-sh/setup-uv	v7.6.0	37802adc94f370d6bfd71619e3f0bf239e1f3b78
codecov/codecov-action	v6.0.1	e79a6962e0d4c0c17b229090214935d2e33f8354
actions/upload-artifact	v7.0.1	043fb46d1a93c77aae656e7c1c64a875d1fc6a0a
actions/download-artifact	v8.0.1	3e5f45b2cfb9172054b4087a40e8e0b5a5461e7c
pypa/gh-action-pypi-publish	v1.13.0	ed0c53931b1dc9bd32cbe73a98c7f6766f8a527e
Lightning-AI/utilities	v0.15.3	86fe1b20b4609835ba9e8c8739cd39707ba76868
actions/first-interaction	v3.1.0	1c4688942c71f71d4f5502a26ea67c331730fa4d
JamesIves/github-pages-deploy-action	v4.7.3	6c2d9db40f9296374acc17b90404b6e8864128c8

[codecov-commenter]

⚠️ Please install the to ensure uploads and comments are reliably processed by Codecov.

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 84%. Comparing base (2b1f787) to head (828d362).
❗ Your organization needs to install the Codecov GitHub app to enable full functionality.

Additional details and impacted files

@@         Coverage Diff         @@
##           main   #156   +/-   ##
===================================
- Coverage    89%    84%   -5%     
===================================
  Files        12     12           
  Lines       517    517           
===================================
- Hits        461    436   -25     
- Misses       56     81   +25     

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.