fix: pin inputs (#17471)

## Summary
- Pin Rust git patch dependencies to immutable revisions and make
cargo-deny reject unknown git and registry sources unless explicitly
allowlisted.
- Add checked-in SHA-256 coverage for the current rusty_v8 release
assets, wire those hashes into Bazel, and verify CI override downloads
before use.
- Add rusty_v8 MODULE.bazel update/check tooling plus a Bazel CI guard
so future V8 bumps cannot drift from the checked-in checksum manifest.
- Pin release/lint cargo installs and all external GitHub Actions refs
to immutable inputs.

## Future V8 bump flow
Run these after updating the resolved `v8` crate version and checksum
manifest:

```bash
python3 .github/scripts/rusty_v8_bazel.py update-module-bazel
python3 .github/scripts/rusty_v8_bazel.py check-module-bazel
```

The update command rewrites the matching `rusty_v8_<crate_version>`
`http_file` SHA-256 values in `MODULE.bazel` from
`third_party/v8/rusty_v8_<crate_version>.sha256`. The check command is
also wired into Bazel CI to block drift.

## Notes
- This intentionally excludes RustSec dependency upgrades and
bubblewrap-related changes per request.
- The branch was rebased onto the latest origin/main before opening the
PR.

## Validation
- cargo fetch --locked
- cargo deny check advisories
- cargo deny check
- cargo deny check sources
- python3 .github/scripts/rusty_v8_bazel.py check-module-bazel
- python3 .github/scripts/rusty_v8_bazel.py update-module-bazel
- python3 -m unittest discover -s .github/scripts -p
'test_rusty_v8_bazel.py'
- python3 -m py_compile .github/scripts/rusty_v8_bazel.py
.github/scripts/rusty_v8_module_bazel.py
.github/scripts/test_rusty_v8_bazel.py
- repo-wide GitHub Actions `uses:` audit: all external action refs are
pinned to 40-character SHAs
- yq eval on touched workflows and local actions
- git diff --check
- just bazel-lock-check

## Hash verification
- Confirmed `MODULE.bazel` hashes match
`third_party/v8/rusty_v8_146_4_0.sha256`.
- Confirmed GitHub release asset digests for denoland/rusty_v8
`v146.4.0` and openai/codex `rusty-v8-v146.4.0` match the checked-in
hashes.
- Streamed and SHA-256 hashed all 10 `MODULE.bazel` rusty_v8 asset URLs
locally; every downloaded byte stream matched both `MODULE.bazel` and
the checked-in manifest.

## Pin verification
- Confirmed signing-action pins match the peeled commits for their tag
comments: `sigstore/cosign-installer@v3.7.0`, `azure/login@v2`, and
`azure/trusted-signing-action@v0`.
- Pinned the remaining tag-based action refs in Bazel CI/setup:
`actions/setup-node@v6`, `facebook/install-dotslash@v2`,
`bazelbuild/setup-bazelisk@v3`, and `actions/cache/restore@v5`.
- Normalized all `bazelbuild/setup-bazelisk@v3` refs to the peeled
commit behind the annotated tag.
- Audited Cargo git dependencies: every manifest git dependency uses
`rev` only, every `Cargo.lock` git source has `?rev=<sha>#<same-sha>`,
and `cargo deny check sources` passes with `required-git-spec = "rev"`.
- Shallow-fetched each distinct git dependency repo at its pinned SHA
and verified Git reports each object as a commit.

.github/scripts/test_rusty_v8_bazel.py

@@ -0,0 +1,126 @@
+#!/usr/bin/env python3
+
+from __future__ import annotations
+
+import textwrap
+import unittest
+
+import rusty_v8_module_bazel
+
+
+class RustyV8BazelTest(unittest.TestCase):
+    def test_update_module_bazel_replaces_and_inserts_sha256(self) -> None:
+        module_bazel = textwrap.dedent(
+            """\
+            http_file(
+                name = "rusty_v8_146_4_0_x86_64_unknown_linux_gnu_archive",
+                downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                sha256 = "0000000000000000000000000000000000000000000000000000000000000000",
+                urls = [
+                    "https://example.test/librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                ],
+            )
+
+            http_file(
+                name = "rusty_v8_146_4_0_x86_64_unknown_linux_musl_binding",
+                downloaded_file_path = "src_binding_release_x86_64-unknown-linux-musl.rs",
+                urls = [
+                    "https://example.test/src_binding_release_x86_64-unknown-linux-musl.rs",
+                ],
+            )
+
+            http_file(
+                name = "rusty_v8_145_0_0_x86_64_unknown_linux_gnu_archive",
+                downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+                urls = [
+                    "https://example.test/old.gz",
+                ],
+            )
+            """
+        )
+        checksums = {
+            "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz": (
+                "1111111111111111111111111111111111111111111111111111111111111111"
+            ),
+            "src_binding_release_x86_64-unknown-linux-musl.rs": (
+                "2222222222222222222222222222222222222222222222222222222222222222"
+            ),
+        }
+
+        updated = rusty_v8_module_bazel.update_module_bazel_text(
+            module_bazel,
+            checksums,
+            "146.4.0",
+        )
+
+        self.assertEqual(
+            textwrap.dedent(
+                """\
+                http_file(
+                    name = "rusty_v8_146_4_0_x86_64_unknown_linux_gnu_archive",
+                    downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                    sha256 = "1111111111111111111111111111111111111111111111111111111111111111",
+                    urls = [
+                        "https://example.test/librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                    ],
+                )
+
+                http_file(
+                    name = "rusty_v8_146_4_0_x86_64_unknown_linux_musl_binding",
+                    downloaded_file_path = "src_binding_release_x86_64-unknown-linux-musl.rs",
+                    sha256 = "2222222222222222222222222222222222222222222222222222222222222222",
+                    urls = [
+                        "https://example.test/src_binding_release_x86_64-unknown-linux-musl.rs",
+                    ],
+                )
+
+                http_file(
+                    name = "rusty_v8_145_0_0_x86_64_unknown_linux_gnu_archive",
+                    downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                    sha256 = "ffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff",
+                    urls = [
+                        "https://example.test/old.gz",
+                    ],
+                )
+                """
+            ),
+            updated,
+        )
+        rusty_v8_module_bazel.check_module_bazel_text(updated, checksums, "146.4.0")
+
+    def test_check_module_bazel_rejects_manifest_drift(self) -> None:
+        module_bazel = textwrap.dedent(
+            """\
+            http_file(
+                name = "rusty_v8_146_4_0_x86_64_unknown_linux_gnu_archive",
+                downloaded_file_path = "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                sha256 = "1111111111111111111111111111111111111111111111111111111111111111",
+                urls = [
+                    "https://example.test/librusty_v8_release_x86_64-unknown-linux-gnu.a.gz",
+                ],
+            )
+            """
+        )
+        checksums = {
+            "librusty_v8_release_x86_64-unknown-linux-gnu.a.gz": (
+                "1111111111111111111111111111111111111111111111111111111111111111"
+            ),
+            "orphan.gz": (
+                "2222222222222222222222222222222222222222222222222222222222222222"
+            ),
+        }
+
+        with self.assertRaisesRegex(
+            rusty_v8_module_bazel.RustyV8ChecksumError,
+            "manifest has orphan.gz",
+        ):
+            rusty_v8_module_bazel.check_module_bazel_text(
+                module_bazel,
+                checksums,
+                "146.4.0",
+            )
+
+
+if __name__ == "__main__":
+    unittest.main()