tools: add missing pinned dependencies
This MR aims to increase the score of OpenSSF by pinning some missing dependencies.
Pinned dependencies:
- actions/checkout
- gr2m/create-or-update-pull-request-action
- ubuntu
To get the 10 score on the Pinned-Dependencies scorecard section, some other application dependencies (npm and pip) would have to be pinned. But on this, I decided to investigate the correct way to pin them before creating a PR.