
Consider using full SHA for GitHub Actions in the generated release.yml #1800

Open
@dhruvmanila

Description


For context, with the recent event related to tj-actions/changed-files being compromised, we at Astral decided to pin all of the GitHub Actions to an immutable SHA instead of version tags. And, as we use Renovate for automatic dependency upgrades, we've configured Renovate to use the full SHA instead of tags. Refer to astral-sh/ruff#16789 and astral-sh/uv#12189.

But cargo-dist prefers to use version tags instead, which then conflicts with the Renovate behavior. This means that the plan step of the release workflow will fail, as noted in https://github.com/astral-sh/uv/actions/runs/13911771438/job/38927336337. Our current solution is to use the allow-dirty config option, whose documentation explicitly recommends avoiding it.
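The pinning described above, as an added check that is not part of this issue, of cargo-dist, or of Astral's repositories: a small Python script that scans a workflow file for `uses:` references and reports every third-party action that is not pinned to a full 40-hex commit SHA. The sample workflow and the SHA in it are constructed placeholders, and the function and file names are assumptions for illustration.

```python
from __future__ import annotations

import re
import sys

# Constructed sample: a release.yml fragment in the shape cargo-dist generates.
# One step is pinned to a placeholder full SHA (not a real commit of any action);
# the rest are referenced by mutable version tags, which is what this check flags.
SAMPLE_WORKFLOW = """\
jobs:
  plan:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v4.2.2
      - uses: actions/download-artifact@v4
      - uses: ./.github/actions/local-helper
      - name: Install cargo-dist
        uses: taiki-e/install-action@cargo-dist
      - uses: docker://alpine:3.20
"""

# Matches `uses: <ref>` whether or not the line starts a list item, and stops
# at whitespace or a trailing `# vX.Y.Z` comment.
USES_RE = re.compile(r"^\s*-?\s*uses:\s*([^\s#]+)", re.MULTILINE)
FULL_SHA_RE = re.compile(r"^[0-9a-f]{40}$")


def find_unpinned_actions(workflow_text: str) -> list[tuple[str, str | None]]:
    """Return (action, ref) for each `uses:` entry not pinned to a 40-hex SHA.

    Local actions (./...) and container images (docker://...) are skipped:
    they are not resolved through a Git tag on github.com, so tag pinning
    does not apply to them. A missing ref is reported with ref=None.
    """
    unpinned: list[tuple[str, str | None]] = []
    for ref_spec in USES_RE.findall(workflow_text):
        if ref_spec.startswith("./") or ref_spec.startswith("docker://"):
            continue
        action, sep, ref = ref_spec.partition("@")
        if not sep:
            unpinned.append((action, None))
        elif not FULL_SHA_RE.match(ref):
            unpinned.append((action, ref))
    return unpinned


def main(argv: list[str]) -> int:
    """Scan the given workflow files (or the constructed sample) and exit 1 if any action is unpinned."""
    if len(argv) > 1:
        texts = {path: open(path, encoding="utf-8").read() for path in argv[1:]}
    else:
        texts = {"<sample>": SAMPLE_WORKFLOW}
    status = 0
    for name, text in texts.items():
        for action, ref in find_unpinned_actions(text):
            shown = ref if ref is not None else "<no ref>"
            print(f"{name}: {action}@{shown} is not pinned to a full commit SHA")
            status = 1
    return status


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run against `.github/workflows/release.yml` before the plan step to catch a regeneration that reintroduced tags. The reason to care is the one the issue gives: a tag such as `v4` can be moved to a different commit after you reviewed it, whereas a full commit SHA cannot. Renovate's `helpers:pinGitHubActionDigests` preset is one way to have the bot keep such pins up to date; whether that matches Astral's exact configuration is not stated in this issue.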
