chore: update action versions and adjust permissions in workflow files

[fukusuket]

What Changed

I have updated third-party action references to use full-length commit SHA, following the best practices.

• https://docs.github.com/en/actions/reference/security/secure-use#using-third-party-actions

I’d appreciate it if you could check it when you have time🙏

[Copilot]

Pull request overview

This PR updates the repository’s GitHub Actions workflows by pinning action references to immutable SHAs and adding explicit GITHUB_TOKEN permissions. It affects the release pipeline plus the audit/config-generation automation that maintains Windows audit data and generated rule metadata.

Changes:

• Pin core workflow actions (checkout, setup-node, upload-artifact, and PR automation actions) to specific commit SHAs with version annotations.
• Add explicit workflow-level permissions for read-only workflows and write-capable automation workflows.
• Adjust release, audit-check, CSV-generation, and rule-metadata workflows to use the updated action references.

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated 2 comments.

File	Description
.github/workflows/release.yml	Pins release workflow actions and adds explicit read-only repository permissions.
.github/workflows/create-rule-meta.yml	Pins checkout/PR automation actions and grants write permissions for automated rule update PRs.
.github/workflows/create-csv.yml	Pins checkout and enables repository write access for the CSV generation workflow.
.github/workflows/check-audit.yml	Pins checkout and adds explicit read-only permissions for the audit validation workflow.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.