Commit 61f2542
fix: update README.md file to list explicit secure practices to apply
Update README.md to explicitly list secure practices for updating GitHub
Actions taken from GitHub security documentation and examples from a few
security blogs.
When GeoNet migrated to GitHub Actions it was noted at the time to use
the full-length commit SHA value to securely use external 3rd-party code
to avoid the sort of supply chain attacks seen with Trivy scanner and
malicious overwriting of all version tags for Trivy scanner GitHub actions.
1 parent ef64c8f commit 61f2542
4 files changed
Lines changed: 1359 additions & 1266 deletions