fix(ci): pin gosec and govulncheck-action to concrete version tags

.gitea/workflows/prepare-release.yml

@@ -49,12 +49,12 @@ jobs:
           go mod verify
 
       - name: Run gosec security analysis
-        uses: securego/gosec@v2
+        uses: securego/gosec@v2.22.4
         with:
           args: ./...
 
       - name: Run govulncheck
-        uses: golang/govulncheck-action@v1
+        uses: golang/govulncheck-action@v1.1.4
         with:
           go-package: ./...
           cache: true