fix: handle sha_pinning_required=false #3224

Open
sheeeng wants to merge 1 commit into integrations:main from sheeeng:fix/sha-pinning-required-false-ignored

@sheeeng sheeeng commented Feb 25, 2026

Replace d.GetOk() with d.HasChange() || d.IsNewResource() to properly handle boolean false values. The GetOk() method returns ok=false for zero-value booleans, causing sha_pinning_required = false to be silently ignored and never sent to the GitHub API.

This fix ensures both true and false values are correctly applied, eliminating perpetual drift when disabling SHA pinning enforcement.

The sha_pinning_required option was introduced in #2870.

Affects github_actions_organization_permissions and github_actions_repository_permissions resources.

Resolve #3223.


Before the change?

  • Setting sha_pinning_required = false was applied successfully in Terraform, but was not actually changed in the GitHub resources themselves.

After the change?

  • Setting sha_pinning_required = false is applied successfully in Terraform, and is actually changed in the GitHub resources themselves.

Pull request checklist

  • Schema migrations have been created if needed (example)
  • Tests for the changes have been added (for bug fixes / features)
  • Docs have been reviewed and added / updated if needed (for bug fixes / features)

Does this introduce a breaking change?

Please see our docs on breaking changes to help!

  • Yes
  • No
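
The gating difference described in this pull request, as an added Go example that is not code from the PR or from the provider. `resourceData` is a constructed stand-in that models only the documented semantics of `GetOk`, `HasChange` and `IsNewResource`; `permissionsRequest` and the two `build...` helpers are hypothetical names.

```go
package main

import "fmt"

// resourceData is a constructed stand-in for the SDK's *schema.ResourceData (assumption).
type resourceData struct {
	state  map[string]bool // values recorded by the previous apply
	config map[string]bool // values in the current configuration
	isNew  bool
}

// GetOk mirrors the documented SDK behaviour: ok is true only for a non-zero value.
func (d *resourceData) GetOk(key string) (bool, bool) {
	v := d.config[key]
	return v, v
}

func (d *resourceData) HasChange(key string) bool { return d.state[key] != d.config[key] }
func (d *resourceData) IsNewResource() bool       { return d.isNew }
func (d *resourceData) Get(key string) bool       { return d.config[key] }

// permissionsRequest is a hypothetical API payload; a nil field is omitted from the request.
type permissionsRequest struct{ ShaPinningRequired *bool }
const field = "sha_pinning_required"

// buildWithGetOk is the gating pattern the PR replaces: false never reaches the payload.
func buildWithGetOk(d *resourceData) permissionsRequest {
	var req permissionsRequest
	if v, ok := d.GetOk(field); ok {
		req.ShaPinningRequired = &v
	}
	return req
}

// buildWithHasChange is the gating pattern the PR introduces: true and false are both sent.
func buildWithHasChange(d *resourceData) permissionsRequest {
	var req permissionsRequest
	if d.HasChange(field) || d.IsNewResource() {
		v := d.Get(field)
		req.ShaPinningRequired = &v
	}
	return req
}

func main() {
	// Constructed scenario: pinning was enabled earlier, the configuration now sets false.
	d := &resourceData{state: map[string]bool{field: true}, config: map[string]bool{field: false}}
	fmt.Println(buildWithGetOk(d).ShaPinningRequired == nil, *buildWithHasChange(d).ShaPinningRequired)
}
```

With the `GetOk` gate the field is left out of the request, so the remote setting stays at its old value and every later plan reports the same difference.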

@github-actions

👋 Hi! Thank you for this contribution! Just to let you know, our GitHub SDK team does a round of issue and PR reviews twice a week, every Monday and Friday! We have a process in place for prioritizing and responding to your input. Because you are a part of this community please feel free to comment, add to, or pick up any issues/PRs that are labeled with Status: Up for grabs. You & others like you are the reason all of this works! So thank you & happy coding! 🚀

@github-actions github-actions bot added the Type: Bug Something isn't working as documented label Feb 25, 2026
Replace d.GetOk() with d.HasChange() || d.IsNewResource() to
properly handle boolean false values. The GetOk() method returns
ok=false for zero-value booleans, causing sha_pinning_required=false
to be silently ignored and never sent to the GitHub API.

This fix ensures both true and false values are correctly applied,
eliminating perpetual drift when disabling SHA pinning enforcement.

Affects github_actions_organization_permissions and
github_actions_repository_permissions resources.

Fix integrations#3223.
@sheeeng sheeeng force-pushed the fix/sha-pinning-required-false-ignored branch from 0dee61f to 3067dd7 Compare February 25, 2026 09:38
@sheeeng sheeeng changed the title fix: handle sha_pinning_required=false fix: handle sha_pinning_required = false Feb 25, 2026
@sheeeng sheeeng changed the title fix: handle sha_pinning_required = false fix: handle sha_pinning_required=false Feb 25, 2026
Development

Successfully merging this pull request may close these issues.

[BUG]: sha_pinning_required = false is silently ignored due to d.GetOk() zero-value bug