fix: SonarQube Security hotspots

[Warren-Pitterson]

Description

This PR addresses security hotspots identified in the codebase by implementing security hardening measures across CI/CD workflows and deployment scripts.

Context

https://nhsd-jira.digital.nhs.uk/browse/DTOSS-12234

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[github-actions]

Unit Test Results

✔️ Tests 975 / 975 - passed in 70.7s
📝 Coverage 47.76%
📏 4755 / 10228 lines covered 🌿 1167 / 2172 branches covered
🔍 click here for more details

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud