Add a harden-runner task to the lint job as well

This task can only provide coverage for the job that contains it.

Author: jsf9k

.github/workflows/build.yml

@@ -34,6 +34,11 @@ jobs:
       - diagnostics
     runs-on: ubuntu-latest
     steps:
+      - id: harden-runner
+        name: Harden the runner
+        uses: step-security/harden-runner@v2
+        with:
+          egress-policy: audit
       - id: setup-env
         uses: cisagov/setup-env-github-action@develop
       - uses: actions/checkout@v4