
Pin GitHub Actions to immutable commit SHAs in single-postgres-windows.yml #1331

@coderabbitai

Description


Summary

The new workflow .github/workflows/single-postgres-windows.yml (introduced in PR #1182) references external actions by mutable version tags rather than immutable commit SHAs. A tag such as v6 can be moved after the fact (by the maintainer, or by an attacker who gains write access to the upstream repository), so the code that runs in CI can silently stop being the code that was reviewed. Pinning to the commit SHA removes that tag-retargeting and supply-chain drift risk.

Dependabot (.github/dependabot.yml) is already configured with package-ecosystem: github-actions and will raise PRs to keep these pinned; this issue tracks the initial pinning.

Actions to pin

Step              Current reference
checkout          actions/checkout@v6
pipenv-setup      fizyk/actions-reuse/.github/actions/pipenv-setup@v4.4.4
setup-postgres    ankane/setup-postgres@v1
pipenv-run (x2)   fizyk/actions-reuse/.github/actions/pipenv-run@v4.4.4
upload-artifact   actions/upload-artifact@v7
codecov-action    codecov/codecov-action@v6.0.0

Suggested approach

Replace each mutable tag with the full 40-character commit SHA that the tag currently resolves to, leaving the tag in a trailing comment for readability, e.g.:

- uses: actions/checkout@<40-char-sha> # v6

Two details to get right:

- Pin the commit, not the tag object. For annotated tags, `git ls-remote --tags <url>` prints two lines, `refs/tags/v6` (the tag object) and `refs/tags/v6^{}` (the commit it points to); the workflow needs the second one.
- The two fizyk/actions-reuse references (pipenv-setup and pipenv-run) are subpaths of the same repository at the same tag, so they pin to the same SHA.

Once pinned, Dependabot will keep the SHAs up to date automatically via PRs and will update the trailing version comment alongside them.
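The following script is an added example (it is not part of this issue or the project) that performs the audit and rewrite described above: it flags every `uses:` reference that is not a 40-hex commit SHA, builds a tag-to-commit map from the text format of `git ls-remote --tags`, preferring the peeled `^{}` line so annotated tags resolve to the commit rather than the tag object, and rewrites the workflow to `owner/repo[/path]@<sha> # <tag>`. The sample workflow and the `ls-remote` output are constructed inline with placeholder SHAs so it runs offline; in practice you would capture the real `ls-remote` output for each repository listed in the table.

```python
"""Audit and pin `uses:` references in a GitHub Actions workflow (added example)."""
import re

SHA40 = re.compile(r"^[0-9a-f]{40}$")
# Matches "  - uses: <ref>" and keeps any trailing text (e.g. an existing comment) separately.
USES_LINE = re.compile(r"^(?P<prefix>\s*-?\s*uses:\s*)(?P<ref>[^\s#]+)(?P<rest>.*)$")


def parse_ref(ref):
    """Split 'owner/repo[/path]@version' into (repo, path, version).

    Returns None for references that are not pinned this way: local actions ('./...')
    and docker images ('docker://...').
    """
    if ref.startswith("./") or ref.startswith("docker://") or "@" not in ref:
        return None
    target, version = ref.rsplit("@", 1)
    parts = target.split("/")
    if len(parts) < 2:
        return None
    return "/".join(parts[:2]), "/".join(parts[2:]), version


def is_commit_sha(version):
    return bool(SHA40.match(version))


def find_unpinned(workflow_text):
    """Return [(line_no, repo, version), ...] for references not pinned to a commit SHA."""
    found = []
    for n, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_LINE.match(line)
        parsed = parse_ref(m.group("ref")) if m else None
        if parsed and not is_commit_sha(parsed[2]):
            found.append((n, parsed[0], parsed[2]))
    return found


def tag_to_commit(ls_remote_output):
    """Map tag name -> commit SHA from `git ls-remote --tags` output.

    Annotated tags appear twice: 'refs/tags/v6' is the tag object, 'refs/tags/v6^{}'
    is the commit it dereferences to. The workflow must pin the commit, so the
    peeled '^{}' entry always wins; lightweight tags only have the plain entry.
    """
    mapping = {}
    for line in ls_remote_output.splitlines():
        if not line.strip():
            continue
        sha, ref = line.split()
        if not ref.startswith("refs/tags/"):
            continue
        tag = ref[len("refs/tags/"):]
        if tag.endswith("^{}"):
            mapping[tag[:-3]] = sha
        else:
            mapping.setdefault(tag, sha)
    return mapping


def pin_workflow(workflow_text, tags_by_repo):
    """Rewrite mutable references to '<repo>[/path]@<sha> # <tag>'.

    tags_by_repo: {'actions/checkout': {'v6': '<sha>'}, ...}. A reference whose tag
    is not in the map is left untouched and reported, so nothing is pinned blindly.
    Any pre-existing trailing comment on a rewritten line is replaced by the tag.
    """
    out, unresolved = [], []
    for line in workflow_text.splitlines():
        m = USES_LINE.match(line)
        parsed = parse_ref(m.group("ref")) if m else None
        if not parsed or is_commit_sha(parsed[2]):
            out.append(line)
            continue
        repo, path, version = parsed
        sha = tags_by_repo.get(repo, {}).get(version)
        if sha is None:
            unresolved.append((repo, version))
            out.append(line)
            continue
        target = repo + ("/" + path if path else "")
        out.append(f"{m.group('prefix')}{target}@{sha} # {version}")
    return "\n".join(out) + "\n", unresolved


# Constructed sample workflow mirroring the references in the issue's table.
SAMPLE_WORKFLOW = """\
jobs:
  test:
    runs-on: windows-latest
    steps:
      - uses: actions/checkout@v6
      - uses: fizyk/actions-reuse/.github/actions/pipenv-setup@v4.4.4
      - uses: ankane/setup-postgres@v1
      - uses: ./.github/actions/local-helper
      - uses: actions/upload-artifact@v7
"""

# Constructed `git ls-remote --tags` output; the SHAs are placeholders, not real commits.
# actions/upload-artifact is deliberately absent to show the unresolved path.
SAMPLE_LS_REMOTE = {
    "actions/checkout": "1" * 40 + "\trefs/tags/v6\n" + "2" * 40 + "\trefs/tags/v6^{}\n",
    "fizyk/actions-reuse": "3" * 40 + "\trefs/tags/v4.4.4\n",
    "ankane/setup-postgres": "4" * 40 + "\trefs/tags/v1\n" + "5" * 40 + "\trefs/tags/v1^{}\n",
}


def demo():
    tags = {repo: tag_to_commit(out) for repo, out in SAMPLE_LS_REMOTE.items()}
    return pin_workflow(SAMPLE_WORKFLOW, tags)


if __name__ == "__main__":
    for n, repo, ver in find_unpinned(SAMPLE_WORKFLOW):
        print(f"line {n}: {repo}@{ver} is a mutable reference")
    pinned, unresolved = demo()
    print(pinned)
    print("unresolved:", unresolved)
```

Running it lists the four mutable references (the local `./` action is skipped), rewrites the three whose tags are in the map, and reports `actions/upload-artifact@v7` as unresolved rather than guessing; `actions/checkout@v6` resolves to the peeled commit, not the tag object SHA.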


Backlink: PR #1182, comment #1182 (comment)
Requested by: @fizyk

Metadata

Assignees

Labels

No labels

Type

No type

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests
