feat: add harden runner in audit mode to critical workflows

Similar to NativeScript/android#1842

Author: UlisesGascon

.github/workflows/npm_release.yml

@@ -17,6 +17,10 @@ jobs:
       npm_version: ${{ steps.npm_version_output.outputs.NPM_VERSION }}
       npm_tag: ${{ steps.npm_version_output.outputs.NPM_TAG }}
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
       - uses: maxim-lobanov/setup-xcode@v1
         with:
           xcode-version: ${{env.XCODE_VERSION}}
@@ -75,6 +79,10 @@ jobs:
     runs-on: macos-14
     needs: build
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
       - uses: maxim-lobanov/setup-xcode@v1
         with:
           xcode-version: ${{env.XCODE_VERSION}}
@@ -138,6 +146,10 @@ jobs:
       NPM_VERSION: ${{needs.build.outputs.npm_version}}
       NPM_TAG: ${{needs.build.outputs.npm_tag}}
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
       - uses: actions/setup-node@v3
         with:
           node-version: 20
@@ -164,6 +176,10 @@ jobs:
     env:
       NPM_VERSION: ${{needs.build.outputs.npm_version}}
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0
+        with:
+          egress-policy: audit
       - uses: actions/checkout@v3
         with:
           fetch-depth: 0