
Copilot AI commented Dec 10, 2025

Thanks for assigning this issue to me. I'm starting to work on it and will keep this PR's description up to date as I form a plan and make progress.

Original prompt

This section details the original issue you should resolve

<issue_title>build: pin down version in workflows</issue_title>
<issue_description>There have been various supply chain attacks in upstream projects via workflows which automatically use the latest version of the build dependencies.

So instead of having

      - uses: actions/checkout@v5
      - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0

maybe, rather than always doing this by hand, a simple script would be great, which has an input file.

The config file should be under .github and in YAML format: .github/action-versions.yaml

 actions/checkout: 08c6903cd8c0fde910a37f88322edcfb5dd907a8 #v5.0.0
 actions/upload-artifact: [ref]  #v5.0.0

The script should be in ./scripts/update-workflows.sh and should have two commands.

  • The first command, update-version: this is to update the action-versions.yaml
  • The second command, update-workflows: this updates the workflows with the versions from action-versions.yaml</issue_description>

Comments on the Issue (you are @copilot in this section)
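The two commands the issue asks for, sketched below as an added shell example. This is not the project's scripts/update-workflows.sh (which is what this PR is meant to produce) and not the agent's code. The file locations are taken from the issue; the argument shape of update-version (owner/repo sha tag), the extra check command, and the refusal of anything that is not a 40-hex commit id are assumptions made here.

```shell
#!/usr/bin/env sh
# Added example: a sketch of the scripts/update-workflows.sh described in the
# issue, NOT the project's script. Paths follow the issue; the update-version
# argument shape, the "check" command and the SHA-only rule are assumptions.
set -eu

VERSIONS_FILE="${VERSIONS_FILE:-.github/action-versions.yaml}"
WORKFLOW_DIR="${WORKFLOW_DIR:-.github/workflows}"

# is_full_sha STR -> 0 if STR is a 40-char lowercase hex commit id.
# Only a commit id is immutable; a tag such as v5 can be re-pointed at malicious code.
is_full_sha() {
  [ "${#1}" -eq 40 ] || return 1
  case "$1" in *[!0-9a-f]*) return 1 ;; esac
  return 0
}

# update_version OWNER/REPO SHA TAG
# Writes "owner/repo: sha #tag" into the versions file, replacing any old entry.
# Resolving TAG to SHA is left to the caller (e.g. git ls-remote), so this stays
# offline; the script refuses anything that is not a full commit id.
update_version() {
  action="$1"; sha="$2"; tag="$3"
  is_full_sha "$sha" || { echo "refusing non-commit ref for $action: $sha" >&2; return 1; }
  mkdir -p "$(dirname "$VERSIONS_FILE")"
  [ -f "$VERSIONS_FILE" ] || : > "$VERSIONS_FILE"
  tmp="$(mktemp)"
  awk -v key="$action:" 'index($0, key) != 1' "$VERSIONS_FILE" > "$tmp"   # drop old entry
  printf '%s: %s #%s\n' "$action" "$sha" "$tag" >> "$tmp"
  cat "$tmp" > "$VERSIONS_FILE"; rm -f "$tmp"
}

# update_workflows
# For every entry in the versions file, rewrite "uses: owner/repo@<anything>" in
# each workflow to "uses: owner/repo@<sha> # <tag>". Running it twice is a no-op.
update_workflows() {
  while IFS= read -r line || [ -n "$line" ]; do
    case "$line" in ''|'#'*) continue ;; esac           # skip blanks and comments
    action="${line%%:*}"
    rest="${line#*:}"
    rest="${rest#"${rest%%[! ]*}"}"                     # strip leading spaces
    sha="${rest%%[ #]*}"
    case "$rest" in *'#'*) tag="${rest#*#}" ;; *) tag="" ;; esac
    tag="${tag#"${tag%%[! ]*}"}"
    is_full_sha "$sha" || { echo "bad pin for $action in $VERSIONS_FILE: $sha" >&2; return 1; }
    pat="$(printf '%s' "$action" | sed 's/[].[*^$\\]/\\&/g')"   # escape for sed BRE
    rep="$action@$sha${tag:+ # $tag}"
    for f in "$WORKFLOW_DIR"/*.yml "$WORKFLOW_DIR"/*.yaml; do
      [ -f "$f" ] || continue
      tmp="$(mktemp)"
      sed "s|\(uses: *\)$pat@[^ #]*.*\$|\1$rep|" "$f" > "$tmp"
      cat "$tmp" > "$f"; rm -f "$tmp"                   # keep the file's mode
    done
  done < "$VERSIONS_FILE"
}

# check_workflows
# Fails if any "uses: owner/repo@ref" line is not pinned to a full commit id.
# Local (./path) and docker:// actions have no "@ref" and are skipped.
check_workflows() {
  rc=0
  for f in "$WORKFLOW_DIR"/*.yml "$WORKFLOW_DIR"/*.yaml; do
    [ -f "$f" ] || continue
    grep -n 'uses: *[A-Za-z0-9_.-]*/[A-Za-z0-9_./-]*@' "$f" | while IFS= read -r hit; do
      ref="${hit#*@}"; ref="${ref%%[ #]*}"
      is_full_sha "$ref" || { echo "$f:${hit%%:*}: unpinned ref '$ref'" >&2; exit 1; }
    done || rc=1
  done
  return $rc
}

usage() { echo "usage: $0 update-version OWNER/REPO SHA TAG | update-workflows | check" >&2; }

main() {
  case "${1:-}" in
    update-version)   [ $# -eq 4 ] || { usage; return 1; }; update_version "$2" "$3" "$4" ;;
    update-workflows) update_workflows ;;
    check)            check_workflows ;;
    *)                usage; return 1 ;;
  esac
}

# With no arguments the file only defines the functions (so it can be sourced).
[ $# -eq 0 ] || main "$@"
```

To fill the versions file, resolve the tag first and pass the commit id in, e.g. `git ls-remote https://github.com/actions/checkout refs/tags/v5.0.0` and then `./scripts/update-workflows.sh update-version actions/checkout <sha> v5.0.0`. The trailing `# v5.0.0` comment is only for humans; the SHA is what runs, which is why the script refuses to record anything else. Running `check` in CI makes an unpinned `uses:` line a failing build rather than something a reviewer has to spot.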



Development

Successfully merging this pull request may close these issues.

build: pin down version in workflows
