chore: pin GitHub Action SHAs

[V3RON]

This PR hardens our GitHub Actions setup by replacing floating major-version action references with exact release SHAs in the E2E workflow and the composite action YAMLs under packages/github-action/. From a user perspective, behavior stays the same, but workflow runs are now locked to reviewed action revisions instead of whatever the major tag points to later.

Closes #107

Summary

• pin every external action used by .github/workflows/e2e-tests.yml and packages/github-action/src/*.yml to the commit SHA for the latest release under the currently used major tag
• keep local uses: ./ references unchanged while adding inline release comments for traceability
• verify the final pins against the source repositories and confirm no @v* references remain in the targeted YAML files

Verification

• resolved release tags and SHAs with gh api for each referenced action repository
• confirmed no remaining major-tag uses: entries in the targeted YAML files

[vercel]

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Actions	Updated (UTC)
react-native-harness	Ready	Preview, Comment	May 5, 2026 6:55am

[bryan-lamb777]

Thankyou!