[StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <[email protected]>

Author: stepsecurity-app[bot]

.github/workflows/openrpc-updater.yml

@@ -9,11 +9,19 @@ on:
       - 'docs/openrpc.json'
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   clone-and-build-execution-apis:
     runs-on: ubuntu-latest
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        with:
+          egress-policy: audit
+
       - name: Checkout execution-apis repo
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
@@ -44,14 +52,19 @@ jobs:
     runs-on: ubuntu-latest
     needs: clone-and-build-execution-apis
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        with:
+          egress-policy: audit
+
       - name: Checkout repository
         uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
         with:
           ref: 'main'
           token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
 
       - name: Download openrpc.json artifact
-        uses: actions/download-artifact@v4
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
         with:
           name: openrpc
           path: ./downloaded-artifacts/