
chore(ci): pin all GitHub Actions to full SHA digests #813

Open
josunday002 wants to merge 1 commit into MyFanss:main from josunday002:chore/pin-github-actions-digests

Conversation

@josunday002
Contributor

Replace mutable version tags (e.g. @v4) with immutable full-length commit SHA digests across all seven workflow files. Each pin retains a human-readable comment (e.g. # v4) so the intended version is still obvious at a glance.

Actions pinned:

  • actions/checkout@v4 → @11bd71901bbe5b1630ceea73d27597364c9af683
  • actions/setup-node@v4 → @49933ea5288caeca8642d1e84afbd3f7d6820020
  • actions/cache@v4 → @0057852bfaa89a56745cba8c7296529d2fc39830
  • actions/github-script@v7 → @f28e40c7f34bde8b3046d885e986cb6290c5673b
  • actions/dependency-review-action@v4 → @a6993e2c61fd5dc440b409aa1d6904921c5e1894
  • dtolnay/rust-toolchain@stable → @3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
  • Swatinem/rust-cache@v2 → @42dc69e1aa15d09112580998cf2ef0119e2e91ae

Workflows updated:

  • abi-snapshot.yml
  • audit-check.yml
  • changelog.yml
  • ci.yml
  • commitlint.yml
  • contract-release.yml
  • dependency-review.yml

Also fixes a structural bug in audit-check.yml where the frontend-audit step was missing its step name and was incorrectly appended to the backend-audit step block.

Summary

Changes

Test Plan

Automated tests added or updated

  • Unit tests (backend/src/**/*.spec.ts) — service/guard/decorator logic in isolation
  • Integration / e2e tests (backend/test/**/*.e2e-spec.ts) — HTTP round-trips with mocked infrastructure
  • Frontend component tests (frontend/src/**/*.test.{ts,tsx}) — React component behaviour
  • Frontend e2e tests (frontend/e2e/**/*.spec.ts) — Playwright browser flows
  • Contract tests (contract/) — Soroban/Rust unit tests via cargo test
  • No new tests required — explain why: ___

How to run the tests locally

# Backend unit tests
cd backend && npm test

# Backend e2e tests (requires no live DB — uses in-memory mocks)
cd backend && npm run test:e2e

# Frontend component tests
cd frontend && npx vitest run

# Frontend e2e tests (requires dev server on :3000 and API on :3001)
cd frontend && npx playwright test

# Contract tests
cd contract && cargo test

Manual verification checklist

  • Happy path works end-to-end in a local environment
  • Error / edge cases handled gracefully (stale state, invalid input, disconnected wallet)
  • No regressions in closely related API or UI flows
  • Rate-limiting, auth guards, and feature flags behave as expected where touched
  • Linting passes: cd backend && npm run lint / cd frontend && npm run lint

Related issues

Notes for reviewers

closes #709

Replace mutable version tags (e.g. @v4) with immutable full-length
commit SHA digests across all seven workflow files. Each pin retains
a human-readable comment (e.g. # v4) so the intended version is still
obvious at a glance.

Actions pinned:
- actions/checkout@v4          → @11bd71901bbe5b1630ceea73d27597364c9af683
- actions/setup-node@v4        → @49933ea5288caeca8642d1e84afbd3f7d6820020
- actions/cache@v4             → @0057852bfaa89a56745cba8c7296529d2fc39830
- actions/github-script@v7     → @f28e40c7f34bde8b3046d885e986cb6290c5673b
- actions/dependency-review-action@v4 → @a6993e2c61fd5dc440b409aa1d6904921c5e1894
- dtolnay/rust-toolchain@stable → @3c5f7ea28cd621ae0bf5283f0e981fb97b8a7af9
- Swatinem/rust-cache@v2       → @42dc69e1aa15d09112580998cf2ef0119e2e91ae

Workflows updated:
- abi-snapshot.yml
- audit-check.yml
- changelog.yml
- ci.yml
- commitlint.yml
- contract-release.yml
- dependency-review.yml

Also fixes a structural bug in audit-check.yml where the frontend-audit
step was missing its step name and was incorrectly appended to the
backend-audit step block.
@drips-wave

drips-wave Bot commented Apr 24, 2026

@josunday002 Great news! 🎉 Based on an automated assessment of this PR, the linked Wave issue(s) no longer count against your application limits.

You can now already apply to more issues while waiting for a review of this PR. Keep up the great work! 🚀

Learn more about application limits


Development

Successfully merging this pull request may close these issues.

Pin GitHub Actions digests

1 participant