ci(github-action): update step-security/harden-runner action to v2.9.0

[renovate]

This PR contains the following updates:

Package	Type	Update	Change	OpenSSF
step-security/harden-runner	action	minor	v2.8.1 -> v2.9.0

---

Release Notes

step-security/harden-runner (step-security/harden-runner)

v2.9.0

Compare Source

What's Changed

Release v2.9.0 by @​h0x0er and @​varunsh-coder in https://github.com/step-security/harden-runner/pull/435
This release includes:

• Enterprise Tier - Telemetry Upload Enhancement:
  For the enterprise tier, this change helps overcome size constraints, allowing for more reliable telemetry uploads from the Harden-Runner agent to the StepSecurity backend API. No configuration change is needed to enable this.
• Harden-Runner Agent Authentication:
  The Harden-Runner agent now uses a per-job key to authenticate to the StepSecurity backend API to submit telemetry. This change prevents the submission of telemetry data anonymously for a given job, improving the integrity of the data collection process. No configuration change is needed to enable this.
• README Update:
  A Table of Contents has been added to the README file to improve navigation. This makes it easier for users to find the information they need quickly.
• Dependency Update:
  Updated the braces npm package dependency to a non-vulnerable version. The vulnerability in braces did not affect the Harden Runner Action

Full Changelog: step-security/harden-runner@v2...v2.9.0

---

Configuration

📅 Schedule: Branch creation - "before 4am" (UTC), Automerge - At any time (no schedule defined).

🚦 Automerge: Disabled by config. Please merge this manually once you are satisfied.

♻ Rebasing: Whenever PR becomes conflicted, or you tick the rebase/retry checkbox.

🔕 Ignore: Close this PR and you won't be reminded about this update again.

---

• If you want to rebase/retry this PR, check this box

---

This PR was generated by Mend Renovate. View the repository job log.