Update GitHub Actions to comply with Security Team Requirements

[data-sync-user]

The security team recently audited our new GitHub Actions and in addition to making some changes, put forward a few follow ups for us:

• According to our guidelines and the checklist in this document: +Github actions security checklist - Firefox Sync+

• Follow ups: Several items in zizmor [see doc above] results which still need to be reviewed by the team:

• Configure a cooldown period for dependabot updates

  • https://docs.github.com/en/code-security/reference/supply-chain-security/dependabot-options-reference  

• Ensure that Github actions are updated using dependabot, instructions

• If no specific permissions are required, set permissions: {} on the job level

• Go over the general checklist to see if you need to implement any of the items

┆Issue is synchronized with this Jira Task