fix(ci): hardening security of GH actions

[christian-bromann]

What is the current behavior?

Currently, our GitHub Actions workflows have several security vulnerabilities:

• They use floating versions for actions, which can lead to supply chain attacks if a dependency is compromised.
• They lack explicit permission blocks, granting them more access than necessary.
• Some tests are running on outdated Node.js versions.
• The dev server is vulnerable to directory traversal attacks.

GitHub Issue Number: N/A

What is the new behavior?

This pull request hardens the security of our GitHub Actions and the dev server by:

• Pinning all actions to a specific commit SHA to ensure we are using a specific, audited version.
• Adding permissions blocks to all workflows to enforce the principle of least privilege, mostly restricting them to contents: read.
• Removing Node.js v16 from the test matrix for several test jobs.
• Fixing a bug in test-types.yml where a matrix was missing.
• Adding a check in the dev server to prevent directory traversal.
• Removing the deprecated renovate.json5 configuration.

Documentation

N/A

Does this introduce a breaking change?

• Yes
• No

Testing

All changes were applied directly to the CI configuration. The CI pipeline itself will validate the changes.

Other information

N/A