feat: add steps to harden runner and checkout in build workflow

Author: juliankoehn

.github/workflows/build.yml

@@ -12,6 +12,16 @@ jobs:
     timeout-minutes: 30
 
     steps:
+      - name: Harden the runner (Audit all outbound calls)
+        uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0
+        with:
+          egress-policy: audit
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 1
+
       - name: Build & Cache Web Binaries
         uses: ./.github/actions/cache-build-web
         id: cache-build-web