Harden CI, workflow refs, and bootstrap supply-chain paths#616

Open
davisbuilds wants to merge 4 commits into amantus-ai:main from davisbuilds:upstream-supply-chain-hardening

Conversation

@davisbuilds

Summary

  • replace fresh-resolution and mutable bootstrap paths in CI with locked pnpm and pinned tool versions
  • pin GitHub Actions to immutable SHAs and add explicit top-level permission floors across workflows
  • harden Docker and helper bootstrap paths by removing latest and curl | sh style behavior where possible

What changed

  • switch the nested web/node-pty source-build jobs from npm install to locked pnpm install --frozen-lockfile --ignore-scripts
  • pin Zig to 0.15.2, Bun to 1.3.11, and add packageManager metadata to web/node-pty
  • pin anthropics/claude-code-action, google-github-actions/run-gemini-cli, and the active actions/* workflow refs to commit SHAs
  • add explicit top-level permissions: blocks across workflow files and narrow a few write scopes
  • replace npm@latest / pnpm@latest, curl | bash, and other mutable bootstrap fallbacks in Dockerfiles and helper scripts with pinned or fail-closed behavior

Verification

  • workflow YAML parses cleanly
  • no mutable @main, @beta, @release/*, or @vN refs remain under .github/workflows
  • no workflow file is missing a top-level permissions: block

Notes

  • macos-latest in the mac workflow was left unchanged intentionally because the workflow already pins Xcode explicitly, and changing hosted macOS images is a separate compatibility decision.
  • This branch is cut cleanly from upstream main and excludes fork-local guidance doc changes.
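
A script for two of the Verification items above (no mutable `uses:` refs, a top-level `permissions:` block in every workflow), as an added example that is not part of this PR or the project's code. The two sample workflows and the 40-hex commit SHA in them are constructed placeholders, not files or commits from the repository.

```python
import re

# A ref is immutable only when it is a full 40-hex commit SHA.
SHA_RE = re.compile(r"^[0-9a-f]{40}$")
# Step lines such as "  - uses: actions/checkout@v4  # comment".
USES_RE = re.compile(r"""^\s*-?\s*uses:\s*['"]?([^\s'"#]+)""")

def mutable_refs(workflow_text):
    """Return `uses:` references not pinned to a full commit SHA.
    Local actions (./...) and docker:// images carry no git ref and are skipped."""
    found = []
    for line in workflow_text.splitlines():
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue
        _action, _, version = ref.partition("@")
        if not SHA_RE.match(version):  # tags (@v4, @beta, @main) are mutable
            found.append(ref)
    return found

def has_top_level_permissions(workflow_text):
    """True only for a permissions: key at column 0; job-level blocks don't count."""
    return re.search(r"^permissions:", workflow_text, re.MULTILINE) is not None

# Constructed sample (not from the PR): job-level permissions only, mutable tags.
BEFORE = """\
jobs:
  test:
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
      - uses: anthropics/claude-code-action@beta
      - uses: ./.github/actions/local-step
"""
# Hardened form; the SHA below is a constructed placeholder, not a real commit.
AFTER = """\
permissions:
  contents: read
jobs:
  test:
    steps:
      - uses: actions/checkout@0123456789abcdef0123456789abcdef01234567 # v6
      - uses: ./.github/actions/local-step
"""
```

Run both functions over each file under `.github/workflows` and fail the job if any file returns a non-empty list or lacks the top-level block.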

davisbuilds and others added 4 commits April 3, 2026 01:13
Update across 15 workflow files:
- checkout v4→v6, setup-node v4→v6, pnpm/action-setup v4→v5
- cache v4→v5, upload-artifact v4→v6, download-artifact v4→v8
- github-script v7→v8, dorny/paths-filter v3→v4
- peter-evans/find-comment v3→v4, create-or-update-comment v4→v5
- Bump node-version 20→24 in npm-test.yml and playwright.yml

Co-Authored-By: Claude Opus 4.6 <[email protected]>