Configure GITHUB_TOKEN permissions to support workflow use in private repositories

Read permissions are required in the "contents" scope in order to checkout private repositories.

Even though those permissions are not required in this project where the workflow is installed in a public repository,
this is a copy of a "template" that is intended to be applicable to any Arduino Tooling project.

A small excess in permissions in the template was chosen instead of the alternative of having to maintain separate
variants of each workflow for use in public or private repos.

Author: per1234

.github/workflows/check-npm-task.yml

@@ -26,12 +26,10 @@ on:
   workflow_dispatch:
   repository_dispatch:
 
-permissions:
-  contents: read
-
 jobs:
   run-determination:
     runs-on: ubuntu-latest
+    permissions: {}
     outputs:
       result: ${{ steps.determination.outputs.result }}
     steps:
@@ -57,6 +55,8 @@ jobs:
     needs: run-determination
     if: needs.run-determination.outputs.result == 'true'
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout repository
@@ -80,6 +80,8 @@ jobs:
     needs: run-determination
     if: needs.run-determination.outputs.result == 'true'
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
 
     steps:
       - name: Checkout repository