chore(cicd): update Harden Github Actions policy + remove unused ZAP artifact

Author: timoa

.github/workflows/nodejs.yml

@@ -146,7 +146,25 @@ jobs:
       - name: Harden GitHub Actions Runner
         uses: step-security/harden-runner@dd5681a7d0c66fb362664d618ef4a90d656f6516
         with:
-          egress-policy: audit
+          egress-policy: block
+          allowed-endpoints: >
+            api.github.com:443
+            auth.docker.io:443
+            bit.ly:443
+            content-signature-2.cdn.mozilla.net:443
+            firefox.settings.services.mozilla.com:443
+            github.com:443
+            news.zaproxy.org:443
+            objects.githubusercontent.com:443
+            pipelines.actions.githubusercontent.com:443
+            production.cloudflare.docker.com:443
+            raw.githubusercontent.com:443
+            registry-1.docker.io:443
+            registry.npmjs.org:443
+            shavar.services.mozilla.com:443
+            snyk.io:443
+            tel.zaproxy.org:443
+            tracking-protection.cdn.mozilla.net:443
 
       - name: Checkout
         uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # tag=v3.0.2
@@ -174,12 +192,6 @@ jobs:
         with:
           target: http://localhost:3000
 
-      - name: Save the ZAP reports
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # tag=v3.1.0
-        with:
-          name: zap-reports
-          path: report_*.*
-
   # -- PRE-RELEASE ------------------------------------------------------------
   pre-release:
     name: Prepare Release