ci: scope down GitHub Token permissions (#308)

Author: AdnaneKhan

.github/workflows/ci_static-analysis.yaml

@@ -3,6 +3,9 @@ name: static analysis
 
 on: ["pull_request", "push"]
 
+permissions:
+  contents: read
+
 jobs:
   not-grep:
     runs-on: ubuntu-latest

.github/workflows/repo-sync.yml

@@ -3,6 +3,10 @@ name: Repo Sync
 on:
   workflow_dispatch:     # allows triggering this manually through the Actions UI
 
+permissions:
+  contents: write
+  pull-requests: write
+
 jobs:
   repo-sync:
     name: Repo Sync