chore: add release-assets.githubusercontent.com to allowed sites for harden runner (#337)

Author: akerekes

.github/workflows/codeql.yml

@@ -14,15 +14,15 @@ jobs:
   analyze:
     name: Analyze
     runs-on: ubuntu-latest
-    
+
     permissions:
       actions: read
       contents: read
       security-events: write
 
     strategy:
       fail-fast: false
-      matrix: 
+      matrix:
         # Autobuild each of these seperate maven projects
         working-directory: ['invoker', 'functions-framework-api', 'function-maven-plugin']
 
@@ -37,10 +37,11 @@ jobs:
           github.com:443
           objects.githubusercontent.com:443
           proxy.golang.org:443
+          release-assets.githubusercontent.com:443
           repo.maven.apache.org:443
           storage.googleapis.com:443
           uploads.github.com:443
-          
+
     - name: Checkout repository
       uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
 
@@ -57,8 +58,6 @@ jobs:
         # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
         # queries: security-extended,security-and-quality
 
-
-    
     - name: Build
       run: |
         (cd functions-framework-api/ && mvn install)

.github/workflows/scorecard.yml

@@ -43,7 +43,7 @@ jobs:
             www.bestpractices.dev:443
             *.sigstore.dev:443
             *.github.com:443
-          
+
       - name: "Checkout code"
         uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
         with: