chore(deps): bump the github-actions group with 3 updates

.github/workflows/dependabot-automerge.yml

@@ -13,7 +13,7 @@ jobs:
     steps:
       - name: Fetch dependabot metadata
         id: metadata
-        uses: dependabot/fetch-metadata@7b32f6819be090fb070022f99efc0f0b6352f6ec
+        uses: dependabot/fetch-metadata@99a08bf4ec2793c7452e1d96f462b3092dcf8eca
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
 

.github/workflows/go.yml

@@ -72,7 +72,7 @@ jobs:
 
       - name: Download merge-base coverage
         if: github.ref != 'refs/heads/main' && !startsWith(github.ref, 'refs/tags/v') && steps.merge-base-run.outputs.run_id != ''
-        uses: dawidd6/action-download-artifact@8305c0f1062bb0d184d09ef4493ecb9288447732 # v20
+        uses: dawidd6/action-download-artifact@b6e2e70617bc3265edd6dab6c906732b2f1ae151 # v21
         with:
           workflow: go.yml
           run_id: ${{ steps.merge-base-run.outputs.run_id }}
@@ -330,7 +330,7 @@ jobs:
           subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}
 
       - name: Trusted Signing
-        uses: Azure/trusted-signing-action@b443cf8ea4124818d2ea9f043cba29fc3ec47b16 # v1.2.0
+        uses: Azure/trusted-signing-action@c7ab2a863ab5f9a846ddb8265964877ef296ee82 # v2.0.0
         with:
           endpoint: https://wus2.codesigning.azure.net/ # from Azure portal
           trusted-signing-account-name: DefangLabs # from Azure portal