Commit a7caab6

Potential fix for code scanning alert no. 10: Workflow does not contain permissions (#467)
Potential fix for [https://github.com/aws-observability/aws-application-signals-test-framework/security/code-scanning/10](https://github.com/aws-observability/aws-application-signals-test-framework/security/code-scanning/10)

The fix is to add a `permissions:` key at the top level of the workflow YAML file. Since none of the jobs in this workflow require write access (they perform checkouts, run linters, and build commands but do not push or alter repository content remotely), the minimal permission needed is read access to repository contents. This is done by setting `permissions: contents: read` at the workflow root, which will apply to all jobs unless overridden—thus limiting the `GITHUB_TOKEN` to read-only repository contents. This change should be made immediately following the `name` and before the `on:` trigger (i.e., after line 1 and before line 2). No additional imports or definitions are needed.

---

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 1ef05ea commit a7caab6

1 file changed

+2
-0
lines changed

.github/workflows/pr-build.yml

Lines changed: 2 additions & 0 deletions
@@ -1,4 +1,6 @@
11
name: PR Build
2+
permissions:
3+
contents: read
24
on:
35
workflow_dispatch:
46
pull_request:
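
Review bot: The workflow-level `permissions:` block added after `name: PR Build` leaves every scope it does not list with no access, so it is only safe if no job in this file needs more than `contents: read`. The hunk shows just the header and the `workflow_dispatch` and `pull_request` triggers, so the commit message's statement that no job needs write access cannot be checked from the diff itself. Before merging, confirm that no job depends on scopes such as `id-token: write` or `pull-requests: write`; if one does, grant that scope in a job-level `permissions:` block instead of widening the root. A one-line comment above the block noting that the workflow is intentionally read-only would also help keep later edits from widening it unnoticed.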
