ci: fix Scorecard issues

see: https://github.com/loopbackio/strong-error-handler/security/code-scanning/7
see: https://github.com/loopbackio/strong-error-handler/security/code-scanning/6
see: https://github.com/loopbackio/strong-error-handler/security/code-scanning/5
see: loopbackio/security#27
Signed-off-by: Rifa Achrinza <[email protected]>

Author: achrinza

.github/workflows/codeql-analysis.yml

@@ -1,4 +1,4 @@
-name: "CodeQL"
+name: CodeQL
 
 on:
   push:
@@ -9,20 +9,33 @@ on:
   schedule:
     - cron: '0 13 * * 6'
 
+permissions: {}
+
 jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
+    permissions:
+      security-events: write
+      actions: read
 
     steps:
+    - uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
+      with:
+        disable-sudo: true
+        egress-policy: audit
+
     - name: Checkout repository
-      uses: actions/checkout@8ade135a41bc03ea155e62e844d188df1ea18608 # v4
+      uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+      with:
+        persist-credentials: false
 
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
       with:
-        languages: 'javascript'
-        config-file: ./.github/codeql/codeql-config.yml
+        languages: javascript-typescript
+        config-file: .github/codeql/codeql-config.yml
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+