Pin versions of github actions dependencies

[jdmoorman]

When calling an action from the marketplace such as actions/checkout@master, it is recommended practice to pin the action to a particular version such as actions/checkout@v1. This alleviates the risk of master introducing a breaking change or vulnerability.

The relevant workflow files are in the .github/workflow directory.