On review of the recent tj-actions/changed-files compromise we determined that while the .github/workflows/lint_md_changes.yml did point to one of the affected tags, the workflow does not involve any secrets so there was no impact to the project.

However, in the interest of protecting against any future regression, this PR pins the action to a specific sha1 hash instead of a version tag, as the version tags were also compromised in the above incident.

See original issue in tj-actions/changed-files#2463