Pin to SHAs all GitHub actions

[pmashchenskiy]

This PR introduces the following changes:

• Pins to SHAs all GitHub actions
• Bump versions to avoid deprecated Node.js 20 actions
• Adds dependabot to update actions monthly

[Copilot]

Pull request overview

This PR hardens the repository’s GitHub Actions usage by pinning action references to immutable commit SHAs, updating action versions to newer releases, and introducing a Dependabot configuration to keep those action pins refreshed over time.

Changes:

• Pin actions/checkout and Docker-related GitHub Actions to full commit SHAs in the build and release workflows.
• Update Docker actions to newer major versions (per inline version comments) to stay current with the GitHub Actions runtime.
• Add a monthly Dependabot schedule for github-actions updates, grouped into a single PR stream with consistent labels and commit message prefix.

Reviewed changes

Copilot reviewed 3 out of 3 changed files in this pull request and generated no comments.

File	Description
.github/workflows/release.yaml	Pins all referenced actions to SHAs and bumps the Docker actions used for release publishing.
.github/workflows/build.yaml	Pins actions/checkout to a SHA for the build workflow.
.github/dependabot.yaml	Adds Dependabot configuration to update GitHub Actions pins monthly (grouped).

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.