Replace GitHub action version tags with commit SHAs #1998

Open
darbyjohnston wants to merge 2 commits into AcademySoftwareFoundation:main from darbyjohnston:gha_sha

@darbyjohnston
Contributor

This PR replaces the version tags used in the GitHub actions with their corresponding commit SHAs. This is intended to improve security since the SHAs are immutable while the tags can potentially change.

Note that it looked like pypa/gh-action-pypi-publish was pointing to a branch name, so I used the latest version of v1 (v1.13.0).

Signed-off-by: Darby Johnston <darbyjohnston@yahoo.com>
@codecov-commenter

codecov-commenter commented Mar 5, 2026

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 85.15%. Comparing base (f3cb304) to head (7c0f744).
⚠️ Report is 1 commits behind head on main.

@@           Coverage Diff           @@
##             main    #1998   +/-   ##
=======================================
  Coverage   85.15%   85.15%           
=======================================
  Files         181      181           
  Lines       12783    12783           
  Branches     1206     1206           
=======================================
  Hits        10885    10885           
  Misses       1715     1715           
  Partials      183      183           

| Flag | Coverage Δ |
|---|---|
| py-unittests | 85.15% <ø> (ø) |

Δ = absolute <relative> (impact), ø = not affected, ? = missing data
Powered by Codecov. Last update 39dd36c...7c0f744. Read the comment docs.

@jminor
Collaborator

jminor commented Mar 5, 2026

After we land this, we can consider enabling this toggle in the repo settings that says "Require actions to be pinned to a full-length commit SHA"

Signed-off-by: Darby Johnston <darbyjohnston@yahoo.com>