This file can be in either the same repository or a separate one.
It can then be referenced by harden-runner using the policy attribute. Currently, the policy attribute only fetches the policy from the policy store (which uses a back-end API).
This will enable storing the policy as code, sharing a policy across jobs, and updating it without the need to update workflow files.