actions: clarify IP address ranges for self hosted runners (#22460)

* actions: don't recommend users allow-list our hosted runners

There are too many IP addresses for our hosted runners for users to use
them as an allow-list.  In fact, we have a note where we _don't_
recommend that they use this.  Remove a contradictory sentence below.

* ip addresses: clarify what these ip addresses are

* self-hosted: clarify inbound/outbound requirements

* Update content/actions/hosting-your-own-runners/about-self-hosted-runners.md

* Update content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md

Co-authored-by: hubwriter <[email protected]>

Author: Edward Thomson

content/actions/hosting-your-own-runners/about-self-hosted-runners.md

@@ -137,6 +137,8 @@ If you use an IP address allow list for your {% data variables.product.prodname_
 
 {% ifversion fpt or ghec %}
 
+Since the self-hosted runner opens a connection to {% data variables.product.prodname_dotcom %}, you do not need to allow {% data variables.product.prodname_dotcom %} to make inbound connections to your self-hosted runner.
+
 You must ensure that the machine has the appropriate network access to communicate with the {% data variables.product.prodname_dotcom %} URLs listed below.
 
 {% note %}

content/actions/using-github-hosted-runners/about-github-hosted-runners.md

@@ -106,9 +106,11 @@ You can install additional software on {% data variables.product.prodname_dotcom
 
 {% endnote %}
 
+To get a list of IP address ranges that {% data variables.product.prodname_actions %} uses for {% data variables.product.prodname_dotcom %}-hosted runners, you can use the {% data variables.product.prodname_dotcom %} REST API. For more information, see the `actions` key in the response of the "[Get GitHub meta information](/rest/reference/meta#get-github-meta-information)" endpoint.
+
 Windows and Ubuntu runners are hosted in Azure and subsequently have the same IP address ranges as the Azure datacenters. macOS runners are hosted in {% data variables.product.prodname_dotcom %}'s own macOS cloud.
 
-To get a list of IP address ranges that {% data variables.product.prodname_actions %} uses for {% data variables.product.prodname_dotcom %}-hosted runners, you can use the {% data variables.product.prodname_dotcom %} REST API . For more information, see the `actions` key in the response of the "[Get GitHub meta information](/rest/reference/meta#get-github-meta-information)" endpoint. You can use this list of IP addresses if you require an allow-list to prevent unauthorized access to your internal resources.
+Since there are so many IP address ranges for {% data variables.product.prodname_dotcom %}-hosted runners, we do not recommend that you use these as allow-lists for your internal resources.
 
 The list of {% data variables.product.prodname_actions %} IP addresses returned by the API is updated once a week. 
 

content/authentication/keeping-your-account-and-data-secure/about-githubs-ip-addresses.md

@@ -27,6 +27,8 @@ You can retrieve a list of {% data variables.product.prodname_dotcom %}'s IP add
 
 {% endnote %}
 
+These IP addresses are used by {% data variables.product.prodname_dotcom %} to serve our content, deliver webhooks, and perform hosted {% data variables.product.prodname_actions %} builds.
+
 These ranges are in [CIDR notation](https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing#CIDR_notation). You can use an online conversion tool such as this  [CIDR / VLSM Supernet Calculator](http://www.subnet-calculator.com/cidr.php) to convert from CIDR notation to IP address ranges.
 
 We make changes to our IP addresses from time to time. We do not recommend allowing by IP address, however if you use these IP ranges we strongly encourage regular monitoring of our API.