[Tracking] Make our Actions workflows more secure

[zeke]

We want our use of GitHub Actions to be a secure as possible. This is a tracking issue for steps we can take to make them more secure. See https://github.com/github/security/issues/3907

• Create a test to lint workflows for correctness and consistency https://github.com/github/help-docs/pull/13181
• Move GitHub Action versions to shas #555 Use SHAs instead of version numbers for all uses values (see https://github.com/github/security/issues/3907#issuecomment-619103152)
• Create an AllowList of known/trusted Action authors https://github.com/github/docs-internal/pull/15850

cc @github/content-platform-engineering

[github-actions]

This issue is stale because it has been open 60 days with no activity.

[zeke]

This is not on fire, but I think it's still relevant.

I think the AllowList will become more important after we've open-sourced to help prevent any malicious (or unreliable) actions being introduced into our workflows.

[zeke]

I made some progress toward this with https://github.com/github/docs-internal/pull/15850 which adds an Actions AllowList

[chiedo]

Opened a PR to move all versions to shas! #555

[chiedo]

Handled the shas! Will leave the following for someone else

Create a test to lint workflows for correctness and consistency