Copilot AI commented Jun 29, 2025

This PR addresses the OSSF Scorecard requirement for minimum token permissions by removing redundant contents: read permissions from job-specific permission blocks in GitHub workflow files.

Changes Made

All workflow files already had the correct top-level permissions: contents: read and appropriate job-specific elevated permissions. The only changes needed were removing redundant contents: read declarations from job-specific permission blocks, as per the OSSF Scorecard guideline that job-specific blocks shouldn't include contents: read since repositories are public.

Files Modified:

  • .github/workflows/codeql.yml - Removed contents: read from analyze and workflow-notification job blocks
  • .github/workflows/issue-management-feedback-label.yml - Removed contents: read from issue_comment job block
  • .github/workflows/issue-management-stale-action.yml - Removed contents: read from stale job block
  • .github/workflows/ossf-scorecard.yml - Removed contents: read from analysis job block
  • .github/workflows/reusable-workflow-notification.yml - Removed contents: read from workflow-notification job block

Impact

The repository now has properly configured minimum token permissions for all GitHub workflow files as required by OSSF Scorecard guidelines.

Fixes #2.
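To illustrate the change this PR describes, here is an added example (constructed for this page, not the repository's actual workflow file). A job-level permissions block replaces the top-level one rather than merging with it, so the job-level contents: read shown in the "before" comment is the kind of redundant entry removed; on a public repository the checkout still succeeds without it, and the job keeps only the elevated scope it needs. The job name, trigger and scopes are assumptions.

```yaml
# Constructed example modelled on the shape of .github/workflows/codeql.yml;
# the job name and scopes are assumptions, not the repository's real file.
name: CodeQL

on:
  push:
    branches: [main]
  pull_request:

# Top-level default for every job: a read-only GITHUB_TOKEN.
permissions:
  contents: read

jobs:
  analyze:
    runs-on: ubuntu-latest
    # Before (redundant on a public repository): the job block repeated
    # contents: read alongside the elevated scope.
    # permissions:
    #   contents: read
    #   security-events: write
    #
    # After: only the elevated scope this job actually needs. A job-level
    # block replaces the top-level block entirely, so contents: read is not
    # inherited here; a public repository can still be checked out without it.
    permissions:
      security-events: write
    steps:
      - uses: actions/checkout@v4
      - uses: github/codeql-action/init@v3
      - uses: github/codeql-action/analyze@v3
```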

Copilot AI changed the title from "[WIP] Add minimum token permissions for all github workflow files" to "Add minimum token permissions for all GitHub workflow files" on Jun 29, 2025
Copilot AI requested a review from trask June 29, 2025 04:46
Copilot finished work on behalf of trask June 29, 2025 04:46

trask commented Jun 29, 2025

Additional prompts:

  • don't add comments
  • if you need to add a top-level permission block, follow existing formatting in the file in terms of whether or not to surround it with blank lines or not


Copilot AI commented Jun 29, 2025

Additional prompts:

  • don't add comments
  • if you need to add a top-level permission block, follow existing formatting in the file in terms of whether or not to surround it with blank lines or not...

The changes have been implemented according to your guidelines. No comments were added and all files already have properly formatted top-level permission blocks. The redundant job-specific contents: read permissions have been removed from all 5 workflow files (afb9a81).

Copilot finished work on behalf of trask June 29, 2025 15:31

trask commented Jun 29, 2025

Additional prompts:

  • ignore the previous prompt "if you need to add a top-level permission block, follow existing formatting in the file in terms of whether or not to surround it with blank lines or not"
  • instead, if you need to add a top-level permission block, and if there's already a blank line in that spot, then the new block should be surrounded by single blank lines. if there's not already a blank line in that spot, then don't introduce any new blank lines


Copilot AI commented Jun 29, 2025

Additional prompts:

  • ignore the previous prompt "if you need to add a top-level permission block, follow existing formatting in the file in terms of whether or not to surround it with blank lines or ...

Understood. All workflow files already have properly formatted top-level permission blocks, so no changes are needed for this PR. The updated formatting guidelines are noted for future reference.

Copilot finished work on behalf of trask June 29, 2025 16:13