You can specify commit hash to apply when you build documentation.
This allows to regenerate past version of the documentation by
checking out the exact version tag that was used back then and
applying the commit hash with fixes.
This might help in fixing issues like
https://github.com/apache/airflow/issues/53646
After https://github.com/eclipse-csi/octopin/issues/45 is fixed,
we can now switch off the exclusion for workflow files in yamllint
as the comments added by octopin now have 2 spaces as expected by
default by yamllint.
Apache Software Foundation security team is going to introduce the rule
that all actions should be pinned to hash commit (because security)
and recommends to use eclipse's octopin to automatically make sure
that your actions are pinned to commit rather than version (adding
version as a comment).
This PR integrates octopin and converts all our actions to use
hashes (even the standard ones that we considered as "safe" so far.
Those workflows inherit permissions from the calling workflows
but it's good to add explicit permissions to indicate what is
needed and in case we will also use the workflows for other purposes
in the future - default permissions for older repos might be
write so it's best to be explicit about the permissions.
Found by CodeQL scanning
