Pin Psalm version for security analysis

The action will otherwise pull dev-master and this can break easily as
we just experience.

Signed-off-by: Christoph Wurst <christoph@winzerhof-wurst.at>

.github/workflows/psalm-github.yml

@@ -17,7 +17,7 @@ jobs:
         with:
           submodules: recursive
       - name: Psalm
-        uses: docker://vimeo/psalm-github-actions
+        uses: docker://vimeo/psalm-github-actions:4.9.3
         continue-on-error: true
         with:
           composer_ignore_platform_reqs: false

.github/workflows/psalm-security.yml

@@ -17,7 +17,7 @@ jobs:
         with:
           submodules: recursive
       - name: Psalm
-        uses: docker://vimeo/psalm-github-actions
+        uses: docker://vimeo/psalm-github-actions:4.9.3
         with:
           security_analysis: true
           composer_ignore_platform_reqs: false