ci: pin GitHub Actions to commit SHAs in release workflow

[matiasinsaurralde]

Summary

• Pin all third-party actions in release.yml to full commit SHAs to prevent supply-chain attacks via tag mutation
• Actions pinned: actions/checkout, wistia/parse-tool-versions, pnpm/action-setup, actions/setup-node, rtCamp/action-slack-notify
• Original version tags preserved as inline comments for readability

[cla-bot]

We require contributors to sign our Contributor License Agreement, and we don't have @matiasinsaurralde on file. You can sign our CLA at https://e2b.dev/docs/cla . Once you've signed, post a comment here that says '@cla-bot check'

[chatgpt-codex-connector]

Codex usage limits have been reached for code reviews. Please check with the admins of this repo to increase the limits by adding credits.
Credits must be used to enable repository wide code reviews.

[changeset-bot]

⚠️ No Changeset found

Latest commit: cf2552e

Merging this PR will not cause a version bump for any packages. If these changes should not result in a new version, you're good to go. If these changes should result in a version bump, you need to add a changeset.

This PR includes no changesets

When changesets are added to this PR, you'll see the packages that this PR includes changesets for and the associated semver types

Click here to learn what changesets are, and how to add one.

Click here if you're a maintainer who wants to add a changeset to this PR

[matiasinsaurralde]

@cla-bot check

[cla-bot]

The cla-bot has been summoned, and re-checked this pull request!

[mishushakov]

Think it's okay to keep it as-is - any objections @jakubno?