Status: Open
Labels: security baseline (https://github.com/ossf/tac/blob/main/process/security_baseline.md)
Description
The TAC Security Baseline specifies that dependencies must be locked by the 'Direct dependencies are pinned in internet or infrastructure services and applications your project provides.' entry.
While Python and Go dependencies are locked with hashes, in various Pipfile.lock and go.sum files, the Gemfile.lock dependencies are not pinned. That seems to be required from reading the referenced scorecard entry.
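The gap described above can be checked mechanically. The following script is an added example, not code from the issue or the project: it parses a Gemfile.lock and lists resolved gems that have an exact version but no integrity hash. It assumes the Bundler 2.5+ CHECKSUMS section format `name (version) sha256=<hex>`, and the sample lockfile and digests are constructed for the demonstration.

```ruby
# Added example, not from the issue or the project: list gems in a Gemfile.lock
# that are version-pinned but carry no integrity hash. Versions are always exact
# in GEM/specs; hashes live only in the optional CHECKSUMS section (Bundler >= 2.5,
# assumed line format "name (version) sha256=<hex>").
# Returns [specs, checksums]: {gem => version} and {gem => hash}.
def parse_lockfile(text)
  section, specs, checksums = nil, {}, {}
  text.each_line do |raw|
    line = raw.chomp
    next if line.strip.empty?
    # Unindented lines name a section (GEM, PLATFORMS, CHECKSUMS, ...).
    next section = line.strip unless line.start_with?(" ")
    case section
    when "GEM", "PATH", "GIT"
      # Resolved gems sit at 4-space indent; their own deps are deeper.
      specs[$1] = $2 if line =~ /\A {4}(\S+) \(([^)]+)\)\z/
    when "CHECKSUMS"
      # An entry with no trailing hash token counts as unverified.
      checksums[$1] = $3 if line =~ /\A {2}(\S+) \(([^)]+)\) (\S+)\z/
    end
  end
  [specs, checksums]
end

# Sorted names of resolved gems that have no checksum entry.
def unpinned_gems(text)
  specs, checksums = parse_lockfile(text)
  specs.keys.reject { |g| checksums.key?(g) }.sort
end

# Constructed sample lockfile; the sha256 values are placeholders, not real digests.
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      rack (2.2.4)
      rake (13.0.6)
      sinatra (3.0.5)
        rack (~> 2.2, >= 2.2.4)

  CHECKSUMS
    rake (13.0.6) sha256=#{"0" * 64}
    sinatra (3.0.5) sha256=#{"1" * 64}

  BUNDLED WITH
     2.5.6
LOCK

puts "resolved gems without a checksum: #{unpinned_gems(SAMPLE_LOCK).join(', ')}"
```

Point it at a real lockfile with `unpinned_gems(File.read("Gemfile.lock"))`; an empty result means every resolved gem is covered by a checksum entry, which is the Gemfile.lock analogue of the hashes already present in go.sum and Pipfile.lock.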