Pin actions/setup-node to a specific SHA

[takaaki7]

To improve security and mitigate potential supply chain attacks, please consider pinning the actions/setup-node@v4 action to a specific commit SHA.

This ensures the workflow always uses a specific, verified version of the action.

Current usage: https://github.com/DataDog/junit-upload-github-action/blob/main/action.yaml#L55

Please use the latest appropriate SHA for the v4 tag.