Add permissions to workflows

Author: nirinchev

.github/workflows/bump-packages.yaml

@@ -5,6 +5,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: none # we use the github app's token to checkout and push
+
 jobs:
   update_generated_files:
     name: Bump packages

.github/workflows/check-test.yaml

@@ -11,6 +11,9 @@ on:
     branches:
       - main
 
+permissions:
+  contents: read # we just need to checkout the repo
+
 # A workflow run is made up of one or more jobs that can run sequentially or in parallel
 jobs:
   check-and-test:

.github/workflows/publish-packages.yaml

@@ -7,6 +7,9 @@ on:
     types:
       - completed
 
+permissions:
+  contents: none # we use the github app's token to checkout and push
+
 jobs:
   publish:
     if: |

.github/workflows/update-cidrs.yaml

@@ -6,6 +6,9 @@ on:
   schedule:
     - cron: "0 0 * * *"
 
+permissions:
+  contents: none # we use the github app's token to checkout and push
+
 jobs:
   update_generated_files:
     name: Update automatically generated files