ci(security): set default workflow permissions to read-all (#9)

The sync workflow should explicitly define the permissions write
on contents

Closes #8

Signed-off-by: Jonathan Gonzalez V. <[email protected]>
Signed-off-by: Francesco Canovai <[email protected]>
Signed-off-by: Marco Nenciarini <[email protected]>

Author: sxd

.github/workflows/sync.yaml

@@ -10,10 +10,13 @@ on:
   repository_dispatch:
     types: [ sync-api ]
 
+permissions: read-all
+
 jobs:
   sync:
     runs-on: ubuntu-latest
-
+    permissions:
+      contents: write
     steps:
       - name: Checkout API repository
         uses: actions/checkout@v4