feat: workflow to update actions dist

[ramonpetgrave64]

Summary

Similar to slsa-verifier's slsa-framework/slsa-verifier#760

This PR adds a manually-invoked workflow to run against renovate-bot's PRs to update the node dist folders.

I made one small change to use the ${{ inputs.pr_number }} as an environment variable, to harden against script injection. See also slsa-framework/slsa-verifier#771

Also updating shellckeck to fix this lint error:

• https://github.com/slsa-framework/slsa-github-generator/actions/runs/9101693389/job/25019502486#step:4:21

Error: input type of workflow_dispatch event must be one of "string", "boolean", "choice", "environment" but got "number"

Testing Process

I ran this against my fork's version of PR #3649. It did update the dist folders and the check-dists checks pass

• https://github.com/ramonpetgrave64/slsa-github-generator/actions/runs/9101190828/job/25017786420?pr=9
  • https://github.com/slsa-framework/slsa-verifier/pull/760/files#diff-4c6b93aa75d5affde60dc3849606c9acd75ed444d52e99f3055fc0c7aa77e9e0

Checklist

• Review the contributing guidelines
• Add a reference to related issues in the PR description.
• Update documentation if applicable.
• Add unit tests if applicable.
• Add changes to the CHANGELOG if applicable.

[ramonpetgrave64]

@ianlewis

[ianlewis]

Nice. 1.7.0 has initial support for GitHub actions actions.yml and not just workflows.
https://github.com/rhysd/actionlint/releases/tag/v1.7.0

[ianlewis]

nit: I think we typically have 2 space indentation for the yaml files though it looks like the linter doesn't currently enforce it.