[8.x](backport #3107) ci: pin actions to specific commits

[mergify]

Summary of your changes

replace mutable tag with digest to improve security and reproducibility

Screenshot/Data

Related Issues

Checklist

• I have added tests that prove my fix is effective or that my feature works
• I have added the necessary README/documentation (if appropriate)

Introducing a new rule?

• Generate rule metadata using this script
• Add relevant unit tests
• Generate relevant rule templates using this script, and open a PR in elastic/packages/cloud_security_posture

---

This is an automatic backport of pull request #3107 done by [Mergify](https://mergify.com).

[mergify]

Cherry-pick of 45a70b8 has failed:

On branch mergify/bp/8.x/pr-3107
Your branch is up to date with 'origin/8.x'.

You are currently cherry-picking commit 45a70b81.
  (fix conflicts and run "git cherry-pick --continue")
  (use "git cherry-pick --skip" to skip this patch)
  (use "git cherry-pick --abort" to cancel the cherry-pick operation)

Changes to be committed:
	modified:   .github/actions/aws-asset-inventory-ci/action.yml
	modified:   .github/actions/aws-ci/action.yml
	modified:   .github/actions/azure-ci/action.yml
	modified:   .github/actions/cnvm-ci/action.yml
	modified:   .github/actions/docker-images/action.yml
	modified:   .github/actions/gcp-asset-inventory-ci/action.yml
	modified:   .github/actions/gcp-ci/action.yml
	modified:   .github/actions/hermit/action.yml
	modified:   .github/actions/init-integration/action.yml
	modified:   .github/actions/k8s-ci/action.yml
	modified:   .github/actions/kibana-ftr/action.yml
	modified:   .github/actions/slack-notification/action.yml
	modified:   .github/workflows/arm-template-lint.yml
	modified:   .github/workflows/bump-version.yml
	modified:   .github/workflows/ci-pull_request.yml
	modified:   .github/workflows/packaging.yml
	modified:   .github/workflows/rerun-flaky-workflows.yml
	modified:   .github/workflows/sync-internal-cloudbeat-version.yml
	modified:   .github/workflows/sync-rule-templates.yml
	modified:   .github/workflows/test-agent-compatibility.yml
	modified:   .github/workflows/test-ech-agentless.yml
	modified:   .github/workflows/test-gcp-dm.yml
	modified:   .github/workflows/test-opa-coverage.yml
	modified:   .github/workflows/test-opa-policies.yml
	modified:   .github/workflows/unit-test.yml
	modified:   .github/workflows/updatecli.yml
	modified:   .github/workflows/weekly-serverless.yml

Unmerged paths:
  (use "git add/rm <file>..." as appropriate to mark resolution)
	deleted by us:   .github/actions/azure-asset-inventory-ci/action.yml
	both modified:   .github/workflows/ci.yml
	both modified:   .github/workflows/cloudformation-ci.yml
	both modified:   .github/workflows/destroy-environment.yml
	both modified:   .github/workflows/destroy-expired-environment.yml
	both modified:   .github/workflows/eks-ci.yml
	both modified:   .github/workflows/publish-cloudformation.yml
	both modified:   .github/workflows/test-environment.yml
	both modified:   .github/workflows/upgrade-environment.yml

To fix up this pull request, you can check it out locally. See documentation: https://docs.github.com/en/pull-requests/collaborating-with-pull-requests/reviewing-changes-in-pull-requests/checking-out-pull-requests-locally