How would you design a secure build pipeline to prevent dependency confusion or malicious package injection attacks?