[improve](sec): jekyll.yml(step-security suggestion) (#614)

Signed-off-by: Ralph Hightower <32745442+RalphHightower@users.noreply.github.com>

.github/workflows/jekyll.yml

@@ -31,32 +31,39 @@ jobs:
   build:
     runs-on: ubuntu-latest
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
-        with:
-          egress-policy: audit
+     - name: Harden Runner
+       uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+       with:
+        disable-sudo: true
+        egress-policy: block
+        allowed-endpoints: >
+         api.github.com:443
+         github.com:443
+         index.rubygems.org:443
+         objects.githubusercontent.com:443
+         rubygems.org:443
 
-      - name: Checkout
-        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
-      - name: Setup Ruby
-        uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
-        with:
+     - name: Checkout
+       uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+     - name: Setup Ruby
+       uses: ruby/setup-ruby@4a9ddd6f338a97768b8006bf671dfbad383215f4 # v1.207.0
+       with:
           ruby-version: '3.3.6' # Not needed with a .ruby-version file
           bundler-cache: true # runs 'bundle install' and caches installed gems automatically
           cache-version: 1 # Increment this number if you need to re-download cached gems
-      - name: Setup Pages
-        id: pages
-        uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
-      - name: Build with Jekyll
-        # Outputs to the './_site' directory by default
-        run: bundle exec jekyll build --trace --incremental --baseurl "${{ steps.pages.outputs.base_path }}"
-        env:
+     - name: Setup Pages
+       id: pages
+       uses: actions/configure-pages@983d7736d9b0ae728b81ab479565c72886d7745b # v5.0.0
+     - name: Build with Jekyll
+       # Outputs to the './_site' directory by default
+       run: bundle exec jekyll build --trace --incremental --baseurl "${{ steps.pages.outputs.base_path }}"
+       env:
           JEKYLL_ENV: production
           JEKYLL_GITHUB_TOKEN: ${{secrets.JEKYLL_METADATA_TOKEN}}
           LOG_LEVEL: debug 
-      - name: Upload artifact
-        # Automatically uploads an artifact from the './_site' directory by default
-        uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
+     - name: Upload artifact
+       # Automatically uploads an artifact from the './_site' directory by default
+       uses: actions/upload-pages-artifact@56afc609e74202658d3ffba0e8f6dda462b719fa # v3.0.1
 
   # Deployment job
   deploy:
@@ -66,11 +73,18 @@ jobs:
     runs-on: ubuntu-latest
     needs: build
     steps:
-      - name: Harden Runner
-        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
-        with:
-          egress-policy: audit
-
-      - name: Deploy to GitHub Pages
-        id: deployment
-        uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5
+        - name: Harden Runner
+          uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
+          with:
+            disable-sudo: true
+            egress-policy: block
+            allowed-endpoints: >
+              api.github.com:443
+              github.com:443
+              index.rubygems.org:443
+              objects.githubusercontent.com:443
+              rubygems.org:443
+        
+        - name: Deploy to GitHub Pages
+          id: deployment
+          uses: actions/deploy-pages@d6db90164ac5ed86f2b6aed7e0febac5b3c0c03e # v4.0.5