fix: add explicit permissions to validate-renovate workflow

Adds minimal read-only permissions to follow the principle of least
privilege. This workflow only validates Renovate config and doesn't
need any write access.

Fixes code scanning alert finos#41 (CWE-275)

Author: rocketstack-matt

.github/workflows/validate-renovate.yml

@@ -1,5 +1,8 @@
 name: Validate Renovate Configuration
 
+permissions:
+  contents: read
+
 on:
   push:
     paths: