This reverts commit 22d14ae838.

Bumps [step-security/harden-runner](https://github.com/step-security/harden-runner) from 2.2.1 to 2.5.0.
- [Release notes](https://github.com/step-security/harden-runner/releases)
- [Commits](1f99358870...cba0d00b1fc9a034e1e642ea0f1103c282990604)

---
updated-dependencies:
- dependency-name: step-security/harden-runner
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>

Bumps [ossf/scorecard-action](https://github.com/ossf/scorecard-action) from 2.0.6 to 2.2.0.
- [Release notes](https://github.com/ossf/scorecard-action/releases)
- [Changelog](https://github.com/ossf/scorecard-action/blob/main/RELEASE.md)
- [Commits](99c53751e0...08b4669551908b1024bb425080c797723083c031)

---
updated-dependencies:
- dependency-name: ossf/scorecard-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>

Bumps [actions/setup-java](https://github.com/actions/setup-java) from 2.5.1 to 3.12.0.
- [Release notes](https://github.com/actions/setup-java/releases)
- [Commits](91d3aa4956...cd89f46ac9d01407894225f350157564c9c7cee2)

---
updated-dependencies:
- dependency-name: actions/setup-java
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: mandlil <138015259+mandlil@users.noreply.github.com>

Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2.2.9 to 2.21.1.
- [Release notes](https://github.com/github/codeql-action/releases)
- [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md)
- [Commits](04df1262e6...6ca1aa8c195c3ca3e77c174fe0356db1bce3b319)

---
updated-dependencies:
- dependency-name: github/codeql-action
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* [StepSecurity] Apply security best practices

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>

* Update codeql.yml

* Update codeql.yml

---------

Signed-off-by: StepSecurity Bot <bot@stepsecurity.io>
Co-authored-by: penmetsaa <penmetsaa@google.com>

- When configured "pull_request[type: opened] + push", workflow not getting triggered when there is a change in PR code/commits when the branch is from the parent's forked repo.
- Configured only pull_request event as any change can only go through PR. 
- pull_request event by default happens when opened, synchronize (means whenever there is change/commit, sync happens), and reopened. So this should be good enough for our use cases.

More details in [approach doc](https://docs.google.com/document/d/1YNYUAlEUXTi4UZG5gEFZGQ7oe7LxNKh7FYSg2qtIUvI/edit#heading=h.1c7qt5y1jb9)

Our objective is to (replicating the previous setup):
- Do Maven test of LPN tool modules common, data and java-build through a Maven profile.
- Also build and test run ant target “junit” that unit tests the java LPN  api jar after being built.
- Check whether LPN’s JS API/files are in ascii format/not. 
- More details are mentioned in [approach doc](https://docs.google.com/document/d/1YNYUAlEUXTi4UZG5gEFZGQ7oe7LxNKh7FYSg2qtIUvI/edit)