fix(deps): update step-security/harden-runner action to v2.9.0 (#116)

This PR contains the following updates:

| Package | Type | Update | Change |
|---|---|---|---|
|
[step-security/harden-runner](https://togithub.com/step-security/harden-runner)
| action | minor | `v2.8.1` -> `v2.9.0` |

---

### Release Notes

<details>
<summary>step-security/harden-runner
(step-security/harden-runner)</summary>

###
[`v2.9.0`](https://togithub.com/step-security/harden-runner/releases/tag/v2.9.0)

[Compare
Source](https://togithub.com/step-security/harden-runner/compare/v2.8.1...v2.9.0)

##### What's Changed

Release v2.9.0 by [@&#8203;h0x0er](https://togithub.com/h0x0er) and
[@&#8203;varunsh-coder](https://togithub.com/varunsh-coder) in
[https://github.com/step-security/harden-runner/pull/435](https://togithub.com/step-security/harden-runner/pull/435)
This release includes:

-   Enterprise Tier - Telemetry Upload Enhancement:
For the enterprise tier, this change helps overcome size constraints,
allowing for more reliable telemetry uploads from the Harden-Runner
agent to the StepSecurity backend API. No configuration change is needed
to enable this.
-   Harden-Runner Agent Authentication:
The Harden-Runner agent now uses a per-job key to authenticate to the
StepSecurity backend API to submit telemetry. This change prevents the
submission of telemetry data anonymously for a given job, improving the
integrity of the data collection process. No configuration change is
needed to enable this.
-   README Update:
A Table of Contents has been added to the README file to improve
navigation. This makes it easier for users to find the information they
need quickly.
-   Dependency Update:
Updated the `braces` npm package dependency to a non-vulnerable version.
The vulnerability in `braces` did not affect the Harden Runner Action

**Full Changelog**:
step-security/harden-runner@v2...v2.9.0

</details>

---

### Configuration

📅 **Schedule**: Branch creation - At any time (no schedule defined),
Automerge - At any time (no schedule defined).

🚦 **Automerge**: Disabled by config. Please merge this manually once you
are satisfied.

♻ **Rebasing**: Whenever PR is behind base branch, or you tick the
rebase/retry checkbox.

🔕 **Ignore**: Close this PR and you won't be reminded about this update
again.

---

- [ ] <!-- rebase-check -->If you want to rebase/retry this PR, check
this box

---

This PR has been generated by [Renovate
Bot](https://togithub.com/renovatebot/renovate).

<!--renovate-debug:eyJjcmVhdGVkSW5WZXIiOiIzNy40MjAuMSIsInVwZGF0ZWRJblZlciI6IjM3LjQyMC4xIiwidGFyZ2V0QnJhbmNoIjoibWFpbiIsImxhYmVscyI6WyJyZW5vdmF0ZSJdfQ==-->

Signed-off-by: Renovate Bot <[email protected]>
Co-authored-by: renovate-gsuquet[bot] <173481049+renovate-gsuquet[bot]@users.noreply.github.com>

.github/workflows/automation-labeler.yml

@@ -32,7 +32,7 @@ jobs:
 
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         disable-sudo: true

.github/workflows/deployment-python-pypi.yml

@@ -47,7 +47,7 @@ jobs:
       url: ${{ inputs.environment_url }}
     steps:
       - name: Harden the runner
-        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+        uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
         if: ${{ inputs.harden_runner == true }}
         with:
           egress-policy: audit

.github/workflows/deployment-s3.yml

@@ -41,7 +41,7 @@ jobs:
       contents: read
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         egress-policy: audit

.github/workflows/integration-commit-validator.yml

@@ -51,7 +51,7 @@ jobs:
       regex: ${{ steps.set_regex.outputs.regex }}
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         disable-sudo: true
@@ -100,7 +100,7 @@ jobs:
       contents: read
     needs: setup
     steps:
-    - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+    - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         disable-sudo: true

.github/workflows/integration-linter-pre-commit.yml

@@ -34,7 +34,7 @@ jobs:
       contents: read
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         egress-policy: audit

.github/workflows/integration-modification-script.yml

@@ -51,7 +51,7 @@ jobs:
       BRANCH: ${{ inputs.ref || github.head_ref }}
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         disable-sudo: true

.github/workflows/integration-python.yml

@@ -68,7 +68,7 @@ jobs:
       matrix:
         python-version: ${{ fromJSON(needs.setup.outputs.python-versions) }}
     steps:
-      - uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      - uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
         if: ${{ inputs.harden_runner == true }}
         with:
           egress-policy: audit
@@ -101,7 +101,7 @@ jobs:
         python-version: ${{ fromJSON(needs.setup.outputs.python-versions) }}
     steps:
       - name: Harden the runner
-        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+        uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
         if: ${{ inputs.harden_runner == true }}
         with:
           egress-policy: audit

.github/workflows/security-codacy.yml

@@ -30,7 +30,7 @@ jobs:
 
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         egress-policy: audit

.github/workflows/security-codeql.yml

@@ -40,7 +40,7 @@ jobs:
 
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         egress-policy: audit

.github/workflows/security-dependencies.yml

@@ -38,7 +38,7 @@ jobs:
 
     steps:
     - name: Harden the runner
-      uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+      uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
       if: ${{ inputs.harden_runner != false }}
       with:
         disable-sudo: true

.github/workflows/security-ossf-scorecard.yml

@@ -41,7 +41,7 @@ jobs:
 
     steps:
       - name: Harden the runner
-        uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
+        uses: step-security/harden-runner@0d381219ddf674d61a7572ddd19d7941e271515c # v2.9.0
         if: ${{ inputs.harden_runner != false }}
         with:
           disable-sudo: true