Add explicit permissions to CI workflow

Address GitHub Advanced Security recommendation to limit GITHUB_TOKEN
permissions. Set minimal `contents: read` permission.

🤖 Generated with [Claude Code](https://claude.com/claude-code)

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>

Author: EDsCODE

.github/workflows/ci.yml

@@ -8,6 +8,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest