fix(ci): permissions to publish npm provenance (Kong#351)

Author: saisatishkarra

.github/workflows/build.yml

@@ -63,6 +63,11 @@ jobs:
 
   publish:
     runs-on: ubuntu-latest
+    permissions:
+      contents: write
+      id-token: write # For using token to sign images
+      actions: read # For getting workflow run info to build provenance
+      packages: write # Required for publishing provenance. Issue: https://github.com/slsa-framework/slsa-github-generator/tree/main/internal/builders/container#known-issues
     if: ${{ github.ref_type == 'tag' && github.repository_owner == 'Kong' }}
     steps:
       # checkout tag