ci : Modify Harden Runner action egress-policy to block

Harden Runner action seems to restrict outgoing traffic to only a
specific set of allowed endpoints.

Initial mode `audit` generates a report on https://app.stepsecurity.io/
that recommends what endpoints are accessed during workflow run.

Signed-off-by: Rohan Kumar <[email protected]>

.github/workflows/license.yml

@@ -31,7 +31,13 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            api.adoptopenjdk.net:443
+            github.com:443
+            objects.githubusercontent.com:443
+            repo.maven.apache.org:443
 
       - name: Checkout
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c

.github/workflows/quickstarts.yml

@@ -31,7 +31,24 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@18bf8ad2ca49c14cbb28b91346d626ccfb00c518
         with:
-          egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
+          disable-sudo: true
+          egress-policy: block
+          allowed-endpoints: >
+            access.redhat.com:443
+            api.adoptopenjdk.net:443
+            downloads.gradle-dn.com:443
+            github.com:443
+            jcenter.bintray.com:443
+            maven.repository.redhat.com:443
+            objects.githubusercontent.com:443
+            oss.sonatype.org:443
+            plugins-artifacts.gradle.org:443
+            plugins.gradle.org:443
+            repo.gradle.org:443
+            repo.maven.apache.org:443
+            repo1.maven.org:443
+            repository.jboss.org:443
+            services.gradle.org:443
 
       - name: Checkout
         uses: actions/checkout@ac593985615ec2ede58e132d2e21d2b1cbd6127c