Add minimal permission for build workflow (#141)

As suggested by CodeQL code scanning alert:
```
Actions job or workflow does not limit the permissions of the
GITHUB_TOKEN. Consider setting an explicit permissions block, using the
following as a minimal starting point: {contents: read}
```

Author: eest

.github/workflows/build.yml

@@ -1,4 +1,6 @@
 name: Build
+permissions:
+  contents: read
 
 on: [push]