mirrors: Set permissions in mirror repo workflows (#46230)

Committed via a GitHub action: https://github.com/Automattic/jetpack/actions/runs/20146133820

Upstream-Ref: Automattic/jetpack@f741ad0

Author: anomiex

.github/workflows/autorelease.yml

@@ -13,6 +13,11 @@ on:
       - 'trunk'
   workflow_dispatch:
 
+permissions:
+  # read: actions/checkout
+  # write: `gh release`
+  contents: write
+
 jobs:
   publish:
     name: Release

.github/workflows/autotagger.yml

@@ -8,6 +8,9 @@ on:
       - '*/branch-*'
   workflow_dispatch:
 
+# We use secrets.API_TOKEN_GITHUB for everything here, so no need for permissions.
+permissions: {}
+
 jobs:
   tag:
     name: Tag

.github/workflows/e2e-tests.yml

@@ -3,6 +3,9 @@ name: End to end tests
 on:
   push:
 
+# We use secrets.REPO_DISPATCH_TOKEN for everything here, so no need for permissions.
+permissions: {}
+
 jobs:
   run-tests:
     name: "Trigger e2e tests in Jetpack monorepo"

.github/workflows/readonly.yml

@@ -6,6 +6,11 @@ on:
   pull_request_target:
     types: opened
 
+permissions:
+  # dessant/repo-lockdown
+  issues: write
+  pull-requests: write
+
 jobs:
   lockdown:
     runs-on: ubuntu-latest

.github/workflows/wp-svn-autopublish.yml

@@ -10,6 +10,10 @@ on:
       - 'v?[0-9]+.[0-9]+.[0-9]+.[0-9]+'
       - 'v?[0-9]+.[0-9]+.[0-9]+.[0-9]+-*'
 
+permissions:
+  # actions/checkout
+  contents: read
+
 jobs:
   publish:
     name: Publish