Pin versions of "untrusted" 3rd-party GitHub Actions (#11319)

According to https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/security-hardening-for-github-actions#using-third-party-actionsa
it's best practice not to use tags in case of untrusted
3rd-party actions in order to avoid potential attacks.