devspace
Add security monitoring to GitHub-hosted runner for e2e-tests.yaml
What issue type does this pull request address? (keep at least one, remove the others)
/kind enhancement
What does this pull request do? Which issues does it resolve? (use resolves #<issue_number> if possible)
This pull request adds step-security/harden-runner GitHub Action to the e2e-tests.yaml
workflow. This GitHub Action adds security monitoring and policy-based controls to the GitHub-hosted runner (Ubuntu VM) before other steps run.
In the current configuration (egress-policy: audit), it will monitor the outbound traffic and display a report of outbound traffic (report when run on a fork). After it runs a couple of times, based on the outbound traffic observed, I can create another PR to restrict outbound traffic to only expected endpoints.
Running this in end-to-end tests can help discover unexpected outbound traffic, which may be due to a compromised/hijacked dependency.
Please provide a short message that should be published in the DevSpace release notes
Added security monitoring to hosted runner for e2e-tests.yaml
What else do we need to know?
@LukasGentele as discussed offline, creating this PR to pilot step-security/harden-runner. Appreciate feedback/suggestions for improvement. Thanks!
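For illustration, here is how the step looks in audit mode as described above, alongside the block-mode form the description anticipates for a follow-up PR. This is an added example, not the PR's own diff; the action version and the allowed hosts are placeholders, not the endpoints actually observed in the DevSpace e2e runs.

```yaml
# Added example, not the PR's diff. harden-runner must be the first step of
# the job so that monitoring is in place before checkout, dependency
# installation and the e2e tests themselves run.

# --- this PR: audit mode. Nothing is blocked; every outbound connection the
# runner makes is recorded and summarised in a report after the job. ---
steps:
  - name: Harden Runner
    uses: step-security/harden-runner@<pinned-sha>   # placeholder: pin to a commit SHA, not a floating tag
    with:
      egress-policy: audit

  - uses: actions/checkout@<pinned-sha>               # placeholder
  # ... remaining e2e steps unchanged ...

# --- planned follow-up, once a few audit reports agree on the expected
# destinations: block mode. Connections to hosts not in allowed-endpoints are
# refused, so a hijacked dependency phoning home shows up as a blocked
# destination in the report instead of a silent exfiltration. ---
steps:
  - name: Harden Runner
    uses: step-security/harden-runner@<pinned-sha>   # placeholder
    with:
      egress-policy: block
      # host:port entries, one per line; the '>' folded scalar joins them
      # with spaces, which the action accepts. Hosts below are placeholders.
      allowed-endpoints: >
        github.com:443
        api.github.com:443
        <container-registry-host>:443
        <module-proxy-host>:443

  - uses: actions/checkout@<pinned-sha>               # placeholder
  # ... remaining e2e steps unchanged ...
```

Keep the audit run on the main branch as well as on forks, since a fork's report only covers what that fork's workflow reached.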
Thanks @pratikjagrut for running the workflow. You can find a link to the report of outbound traffic at https://github.com/loft-sh/devspace/runs/4799122823?check_suite_focus=true#step:3:8
I am curious what you think of the outbound calls. Are they as expected?