Commit f9ac758
Potential fix for code scanning alert no. 88: Workflow does not contain permissions
Below is a minimal fix to satisfy GitHub’s requirement for explicit token permissions. Add a top-level `permissions` block—here we give only read access to repo contents, which is enough for a simple pre-compile check.
```yaml
name: Check Precompiled
on:
  pull_request:
    branches:
      - canary
      - main
      - patch*
  workflow_dispatch:
# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
# Required: explicitly scope the GITHUB_TOKEN
permissions:
  contents: read
# <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<
jobs:
  check:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repo
        uses: actions/checkout@v4
        with:
          fetch-depth: 0
      - name: Setup Node.js 20
        uses: actions/setup-node@v4
        with:
          node-version: '20'
      - name: Install deps
        run: pnpm install --frozen-lockfile
      - name: Run pre-compiled check
        run: ./scripts/check-pre-compiled.sh
```
—
Additional tips:
• If you ever need to write status comments or push tags, add `contents: write` (or more granular scopes).
• For workflows calling external registries, you may need `packages: write`.
• To use OpenID Connect (OIDC) in a later step, add `id-token: write`.
Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
Signed-off-by: Mustapha BARKI <code4yo@gmail.com>
1 parent 52c891c commit f9ac758
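To find other workflows with the same gap, here is an added example (not part of this commit or the project's code): a line-based Python scan that lists the jobs covered by neither a top-level nor a job-level `permissions:` key. It goes beyond the single file in the commit by also handling job-level blocks. The helper name and the sample workflows are constructed for illustration, and the scan assumes block-style YAML indented with spaces.

```python
import re

KEY = re.compile(r"^( *)([\w.-]+) *:")  # a block-style mapping key

def jobs_without_permissions(workflow_text):
    """List jobs with no explicit GITHUB_TOKEN scope (hypothetical helper).

    A job is covered by a top-level `permissions:` key or by its own.
    """
    top_level, section, current = False, None, None
    job_indent = key_indent = None
    jobs = {}  # job name -> True once it declares its own permissions
    for line in workflow_text.splitlines():
        m = KEY.match(line)
        if not m:  # comments, list items, blank lines
            continue
        indent, name = len(m.group(1)), m.group(2)
        if indent == 0:
            section = name
            top_level = top_level or name == "permissions"
        elif section == "jobs":
            if job_indent is None:
                job_indent = indent  # indentation of the job names
            if indent == job_indent:
                current, key_indent = name, None
                jobs[current] = False
            elif current is not None:
                if key_indent is None:
                    key_indent = indent  # indentation of a job's own keys
                if indent == key_indent and name == "permissions":
                    jobs[current] = True
    return [] if top_level else [j for j, ok in jobs.items() if not ok]

# Constructed sample workflows, not files from the repository.
NO_PERMS = """\
name: Check Precompiled
on:
  pull_request:
jobs:
  check:
    runs-on: ubuntu-latest
"""
TOP_LEVEL = NO_PERMS.replace("jobs:", "permissions:\n  contents: read\njobs:")
MIXED = NO_PERMS + """\
    permissions:
      contents: read
  publish:
    runs-on: ubuntu-latest
"""
```

An empty list means every job has an explicit scope; the scan only checks that a `permissions:` key is present, not how broad the granted scopes are.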
1 file changed: +3 -0 lines changed

| Original file line number | Diff line number | Diff line change | |
|---|---|---|---|
| |||
1 | 1 | | |
2 | 2 | | |
| 3 | + | |
| 4 | + | |
| 5 | + | |
3 | 6 | | |
4 | 7 | | |
5 | 8 | | |
| |||
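Review bot: the three lines added at diff lines 3-5 sit between original lines 2 and 3 of the workflow, while the YAML in the commit message places `permissions:` after the `workflow_dispatch:` trigger and surrounds it with marker comment lines, so the message does not show the change as committed. Confirm that the committed block is a top-level key and not nested under `on:`, and trim the message to match the file. The rendered diff carries no line text, so the scope actually granted cannot be read from this view and should be checked against the file itself.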