feat(security): security best practices from StepSecurity

[stepsecurity-app]

Context

This pull request has been generated by StepSecurity as part of your enterprise subscription to ensure compliance with recommended security best practices. Please review and merge the pull request to apply these security enhancements.

Description

Harden Runner

Harden-Runner is an open-source security agent for the GitHub-hosted runner to prevent software supply chain attacks. It prevents exfiltration of credentials, detects tampering of source code during build, and enables running jobs without sudo access.

• GitHub Security Guide
• The Open Source Security Foundation (OpenSSF) Security Guide

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

[codecov-commenter]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 97.02%. Comparing base (3853467) to head (7b0a788).

Additional details and impacted files

@@           Coverage Diff           @@
##             main     #273   +/-   ##
=======================================
  Coverage   97.02%   97.02%           
=======================================
  Files          64       64           
  Lines        1043     1043           
=======================================
  Hits         1012     1012           
  Misses         31       31           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.