Add the step-security/harden-runner GH Action

This GH Action is being configured to run in audit mode.  It should
warn us if an Action is reaching out to an unexpected web address,
overwriting source code, etc.

Co-authored-by: felddy <[email protected]>

Author: 2 people

.github/dependabot.yml

@@ -18,6 +18,7 @@ updates:
     #   - dependency-name: crazy-max/ghaction-github-status
     #   - dependency-name: hashicorp/setup-terraform
     #   - dependency-name: mxschmitt/action-tmate
+    #   - dependency-name: step-security/harden-runner
     package-ecosystem: github-actions
     schedule:
       interval: weekly

.github/workflows/build.yml

@@ -18,6 +18,11 @@ jobs:
     name: Run diagnostics
     runs-on: ubuntu-latest
     steps:
+      - id: harden-runner
+        name: Harden the runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
       - id: github-status
         name: Check GitHub status
         uses: crazy-max/ghaction-github-status@v3