chore(deps): pin trusted workflows based on HashiCorp TSCCR

[hashicorp-tsccr[bot]]

Bumping GitHub Actions version to latest TSCCR release.

• changes in .github/workflows/cdktf-provider-docs-rollout.yml
  • bump slackapi/slack-github-action from v1.26.0 to v1.27.0 (release notes)
• changes in .github/workflows/integration.yml
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
• changes in .github/workflows/provider-integration.yml
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
• changes in .github/workflows/release.yml
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • bump slackapi/slack-github-action from v1.26.0 to v1.27.0 (release notes)
• changes in .github/workflows/release_next.yml
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • bump slackapi/slack-github-action from v1.26.0 to v1.27.0 (release notes)
• changes in .github/workflows/yarn-upgrade.yml
  • bump actions/upload-artifact from v4.3.6 to v4.4.0 (release notes)
  • bump peter-evans/create-pull-request from v6.1.0 to v7.0.2 (release notes)
  • bump peter-evans/create-pull-request from v6.1.0 to v7.0.2 (release notes)
  • bump peter-evans/create-pull-request from v6.1.0 to v7.0.2 (release notes)

This PR was auto-generated by security-tsccr/actions/runs/10878389576

You can alter the configuration of this automation via the hcl config in security-tsccr/automation

This PR can be regenerated by dispatching the GitHub workflow Pin Action Refs. Please reach out to #team-prodsec if you have any questions.

[xiehan]

I'm not familiar enough with this build process to know whether we do or don't rely on file names that start with ., so be very wary of this breaking change in upload-artifact v4.4.0 which has broken lots of projects' CI jobs.

[github-actions[bot]]

I'm going to lock this pull request because it has been closed for 30 days. This helps our maintainers find and focus on the active issues. If you've found a problem that seems related to this change, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.