Document the SHA used for `actions/upload-artifact`

[andrewmogan]

Following #127, I think it would be helpful to document which SHA of actions/upload-artifact this action calls. This is relevant for anyone who only allows select actions to be run in their repository. In my case, I had actions/upload-pages-artifact@v4 in my list of allowed actions, and suddenly got an error:

The action actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 is not allowed

It wasn't immediately clear to me where that SHA was coming from, considering my workflow doesn't explicitly call actions/upload-artifact. It would be nice to have a note that says something like "make sure to add this SHA to your list of allowed actions, if applicable" to reduce confusion.

Thank you for continuing to maintain this action!