auth0 / go-jwt-middleware

A Middleware for Go Programming Language to check for JWTs on HTTP requests
MIT License

chore(security): Pin workflow actions to commit SHAs #210

Closed evansims closed 1 year ago

evansims commented 1 year ago

This PR pins the Templum/govulncheck-action, golangci/golangci-lint-action, and codecov/codecov-action third-party actions to the full-length commit SHAs for their most recent releases.

Pinning an action to a full-length commit SHA is currently the only way to use an action as an immutable release. Pinning to a particular SHA helps mitigate the risk of a bad actor adding a backdoor to the action's repository. docs.github.com/en/actions/security-guides/security-hardening-for-github-actions#using-third-party-actions
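An added example, not part of this PR or of go-jwt-middleware: a small checker that reads a workflow file and reports every `uses:` reference that is not pinned to a full-length commit SHA, which is the convention the PR applies. The sample workflow and its 40-character SHA are constructed placeholders, since the actual SHAs are not shown on this page.

```python
import re

# A full-length commit SHA is exactly 40 hex characters.
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Matches "uses: owner/repo@ref" with an optional trailing "# comment".
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)\s*(?:#\s*(.*))?$")


def check_action_pins(workflow_text):
    """Return (line_no, ref, problem) for each 'uses:' not pinned to a full SHA.

    Tags, branches and short SHAs are mutable refs that the action's owner (or a
    compromised owner account) can move, so only a 40-character commit SHA is
    treated as immutable. A SHA pin without a version comment is flagged too,
    because the comment is what keeps the pin reviewable and updatable.
    """
    findings = []
    for line_no, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref, comment = m.group(1), m.group(2)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue  # local and container actions are out of scope here
        if "@" not in ref:
            findings.append((line_no, ref, "no ref: resolves to the default branch"))
            continue
        version = ref.rsplit("@", 1)[1]
        if not FULL_SHA_RE.match(version):
            findings.append((line_no, ref, "mutable ref, not a full-length commit SHA"))
        elif not comment:
            findings.append((line_no, ref, "SHA pin lacks a version comment"))
    return findings


# Constructed sample workflow; the SHA below is a placeholder, not a real commit.
SAMPLE_WORKFLOW = """\
jobs:
  test:
    steps:
      - uses: actions/checkout@v4
      - uses: golangci/golangci-lint-action@v3
      - uses: codecov/codecov-action@0123456789abcdef0123456789abcdef01234567 # vX.Y.Z placeholder
      - uses: Templum/govulncheck-action
      - uses: ./.github/actions/local
"""

if __name__ == "__main__":
    for line_no, ref, problem in check_action_pins(SAMPLE_WORKFLOW):
        print(f"line {line_no}: {ref}: {problem}")
```

Run against the sample it reports the two tag-pinned actions and the one with no ref at all, and stays silent on the SHA-pinned step.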

codecov-commenter commented 1 year ago

Codecov Report

Patch and project coverage have no change.

Comparison is base (dbff9c6) 94.78% compared to head (96ada29) 94.78%.

Additional details and impacted files

```diff
@@           Coverage Diff           @@
##           master     #210   +/-   ##
=======================================
  Coverage   94.78%   94.78%
=======================================
  Files           7        7
  Lines         307      307
=======================================
  Hits          291      291
  Misses         12       12
  Partials        4        4
```
