Limit GitHub workflow permissions to contents:read

as this seems to be enough even though there's an artifact upload action in play ...

Signed-off-by: marko-bekhta <[email protected]>

Author: marko-bekhta

.github/workflows/ci-report.yml

@@ -15,6 +15,9 @@ defaults:
 env:
   MAVEN_ARGS: "-e -B --settings .github/mvn-settings.xml --fail-at-end -Pci-build --no-transfer-progress"
 
+permissions:
+  contents: read
+
 jobs:
   publish-build-scans:
     name: Publish Develocity build scans

.github/workflows/ci.yml

@@ -51,6 +51,9 @@ env:
   MAVEN_ARGS: "-e -B --settings .github/mvn-settings.xml --fail-at-end -Pci-build --no-transfer-progress"
   TESTCONTAINERS_REUSE_ENABLE: true
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: ${{matrix.os.name}}