
Security: Pin GitHub Actions to immutable SHA hashes #312

Closed


wroersma
Contributor

Summary
This PR updates GitHub Actions to their latest versions and pins them to specific SHA hashes rather than version tags to mitigate supply chain attack risks.

Security Rationale
Using version tags like @v4 creates a security vulnerability as the content behind those tags can be modified at any time by action maintainers or by attackers who compromise their accounts. Recent supply chain attacks like the xz vulnerability (CVE-2024-3094) demonstrate how dependencies can be compromised through trusted distribution mechanisms.

By pinning to immutable SHA hashes, we ensure that the exact code run by our workflows is never silently changed.

Changes
This PR updates multiple GitHub Actions to their latest versions, including:

  • actions/checkout from v4 to v4.2.2 (11bd71901bbe5b1630ceea73d27597364c9af683)
  • codecov/codecov-action from v4 to v5.4.0
  • actions/setup-go from v5 to v5.3.0
  • actions/setup-python from v5 to v5.4.0
  • actions/upload-artifact from v4 to v4.6.1
  • actions/download-artifact from v4 to v4.1.9
  • softprops/action-gh-release from v2 to v2.2.1
  • actions/setup-node from v4 to v4.2.0
  • actions/configure-pages from v4 to v5.0.0
  • actions/cache from v4 to v4.2.2

Notable Security Improvements

  • All actions are now pinned to specific SHA hashes instead of version tags
  • Updates include security patches from newer versions
  • Eliminates the risk of a compromised action repository affecting CI/CD security

Testing
All workflows have been validated to ensure they continue to function with the updated action versions.


🔒 This PR was created to enhance the security posture of the yara-x GitHub workflow pipeline.
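As an added check that is not part of this PR or the yara-x project: a small Python linter that reads a workflow file and flags every `uses:` reference that is not pinned to a full 40-hex commit SHA (mutable tags or branches, abbreviated SHAs, and pins that lack the `# vX.Y.Z` comment that Dependabot/Renovate use to keep the pin updated). The embedded workflow is constructed for illustration; the only real commit in it is the actions/checkout SHA quoted above.

```python
import re

# Constructed sample workflow (not from the PR). The checkout SHA is the
# actions/checkout v4.2.2 commit cited in the PR description.
SAMPLE_WORKFLOW = """\
name: ci
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
      - uses: codecov/codecov-action@v4
      - uses: actions/setup-go@main
      - uses: actions/cache@1234567
      - uses: ./.github/actions/local-thing
      - uses: docker://alpine:3.19
"""

# `uses: <ref>` optionally followed by a `# <version>` comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)(?:\s*#\s*(\S+))?")
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def check_pins(workflow_text):
    """Return (line_no, ref, reason) for each `uses:` that is not SHA-pinned.

    Local actions (./path) and docker:// images are not pinnable by commit
    SHA in the same way, so they are skipped here.
    """
    findings = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), m.group(2)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        if "@" not in ref:
            findings.append((n, ref, "missing @ref"))
            continue
        version = ref.rsplit("@", 1)[1]
        if FULL_SHA_RE.match(version):
            if comment is None:
                findings.append((n, ref, "pinned but missing '# vX.Y.Z' comment"))
        elif re.fullmatch(r"[0-9a-f]{7,39}", version):
            findings.append((n, ref, "abbreviated SHA; pin the full 40-hex commit"))
        else:
            findings.append((n, ref, f"mutable ref '{version}'; pin to a commit SHA"))
    return findings


if __name__ == "__main__":
    for n, ref, reason in check_pins(SAMPLE_WORKFLOW):
        print(f"line {n}: {ref}: {reason}")
```

Run it over each file under `.github/workflows/` in CI and fail the job on any finding to stop an unpinned action from being reintroduced.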

@wroersma wroersma closed this Feb 28, 2025