fix(Linter): pin action SHAs and restrict to changed files only

- Pin actions/checkout@v6 → @de0fac2e (v6) in Linter.yml and Update-Index.yml
- Pin super-linter/super-linter@latest → @9e863354 (v8.6.0)
- Add VALIDATE_ALL_CODEBASE: false so CI only lints files changed in the PR,
  preventing pre-existing issues in overrides/ from blocking unrelated changes

Author: MariusStorhaug

.github/workflows/Linter.yml

@@ -19,15 +19,16 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repo
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           fetch-depth: 0
           persist-credentials: false
 
       - name: Lint code base
-        uses: super-linter/super-linter@latest
+        uses: super-linter/super-linter@9e863354e3ff62e0727d37183162c4a88873df41 # v8.6.0
         env:
           GITHUB_TOKEN: ${{ github.token }}
+          VALIDATE_ALL_CODEBASE: false
           VALIDATE_BIOME_FORMAT: false
           VALIDATE_JSCPD: false
           VALIDATE_JSON_PRETTIER: false

.github/workflows/Update-Index.yml

@@ -14,7 +14,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout repository
-        uses: actions/checkout@v6
+        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6
         with:
           persist-credentials: false