[StepSecurity] ci: Harden GitHub Actions

[step-security-bot]

Summary

This pull request is created by StepSecurity at the request of @Alan-Jowett. Please merge the Pull Request to incorporate the requested changes. Please tag @Alan-Jowett on your message if you have any questions related to the PR.

Security Fixes

Harden Runner

Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.

Harden runner usage

You can find link to view insights and policy recommendation in the build log Please refer to [documentation](https://docs.stepsecurity.io/harden-runner/how-tos/enable-runtime-security) to find more details.

Feedback

For bug reports, feature requests, and general feedback; please email support@stepsecurity.io. To create such PRs, please visit https://app.stepsecurity.io/securerepo.

Signed-off-by: StepSecurity Bot bot@stepsecurity.io

[coveralls]

coverage: 81.564%. remained the same when pulling ed119d3113a98fbcd08c8d769fa36d1aef11a360 on step-security-bot:stepsecurity_remediation_1716165234 into f245933f886174e137a9a2425f18cfdf12dd262a on iovisor:main.