To prevent accidental deletion of the Shared VPC project, you need to ensure only users with the resourcemanager.projects.updateLiens permission at the organization level can remove the lien and delete the project. What steps should you take to implement this restriction?