
tools: use actions pinned by commit hash on coverage-linux.yml

As discussed in the Security WG's latest meeting, here is how to use actions by commit hash in GitHub workflows.

Motivation: Using actions by commit hash reference is a remediation so that, when actions are compromised or subjected to a dependency confusion attack, you are not using the malicious version. This remediation, along with using the least privilege principle for each action in the workflow, makes it harder for a possible action hijacker to have high access to your repository.

Signed-off-by: Gabriela Gutierrez gabigutierrez@google.com

Related to: https://github.com/nodejs/security-wg/issues/851
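As an added example (not part of this commit and not the Node.js project's own tooling), a small Python check that flags every `uses:` reference in a workflow file that is not pinned to a full 40-hex commit SHA. The workflow excerpt and the SHA inside it are constructed for the example; the SHA is a placeholder, not a real actions/checkout commit.

```python
import re

# Constructed sample workflow (not the page's coverage-linux.yml): one action pinned
# to a placeholder SHA, two actions referenced by mutable tag/branch.
SAMPLE_WORKFLOW = """\
name: coverage-linux
on: [push]
jobs:
  coverage:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567  # v3 (placeholder SHA)
      - uses: actions/setup-node@v3
        with:
          node-version: 18
      - uses: codecov/codecov-action@main
      - run: make coverage
"""

# Matches "uses: <ref>" on a step line, stopping at whitespace or a trailing comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)")
# A pinned reference ends in a full 40-character lowercase hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text):
    """Return (line_number, reference) for each `uses:` whose ref is not a full commit SHA.

    Local actions ("./path") and "docker://" images are skipped: they are not
    resolved through a mutable tag or branch on GitHub."""
    unpinned = []
    for lineno, line in enumerate(workflow_text.splitlines(), start=1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith("./") or ref.startswith("docker://"):
            continue
        # A reference looks like owner/repo[/path]@ref; a ref without "@" is unpinned too.
        _, _, version = ref.partition("@")
        if not SHA_RE.match(version):
            unpinned.append((lineno, ref))
    return unpinned


if __name__ == "__main__":
    for lineno, ref in find_unpinned_actions(SAMPLE_WORKFLOW):
        print(f"line {lineno}: {ref} is not pinned to a commit SHA")
```

Running this over the sample reports the `setup-node@v3` and `codecov-action@main` steps; a CI job that fails on a non-empty result keeps unpinned actions from landing in the workflow.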
