Manually update `gh` to fix PR labeling for now (#5665)

Issue https://github.com/cli/cli/issues/11055 suggests updating the `gh`
tool explicitly until the update gets applied to the github worker
images.

.github/workflows/auto_label_prs.yaml

@@ -17,12 +17,23 @@ jobs:
       - name: Harden Runner
         uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
         with:
-          disable-sudo: true
-          egress-policy: block
+          # TODO: Re-enable `disable-sudo` and `block` when the `Update gh`
+          # step can be removed.
+          # disable-sudo: true
+          # egress-policy: block
+          egress-policy: audit
           # prettier-ignore
           allowed-endpoints: >
             api.github.com:443
 
+      - name: Update gh
+        run: |
+          # Update `gh` to get the fix for https://github.com/cli/cli/issues/11055
+          # TODO: This can be removed once https://github.com/cli/cli/releases/tag/v2.74.1
+          # makes its way to the ubuntu images on GitHub workers.
+          sudo apt update
+          sudo apt install -y gh
+
       - id: filter
         uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
         with: