Fix code scanning alerts by adding permissions decl. (#68)

* Fix code scanning alerts by adding permissions decl.

This addressess the following code scanning alerts:
- https://github.com/quantumlib/OpenFermion-PySCF/security/code-scanning/1
- https://github.com/quantumlib/OpenFermion-PySCF/security/code-scanning/2

* Update versions of Python & runner OS

Those old versions are no longer available on GitHub.

Author: mhucka

.github/workflows/ci.yml

@@ -17,34 +17,28 @@ name: Continuous Integration
 
 on: [pull_request]
 
+# Declare default permissions as read only.
+permissions: read-all
+
 jobs:
-  pytest:
-    name: Pytest Ubuntu python3.6
-    runs-on: ubuntu-16.04
+  pytest-matrix:
+    name: Run Pytest on Python ${{matrix.python-version}}
+    strategy:
+      matrix:
+        python-version: ['3.9', '3.10', '3.11', '3.12']
+    runs-on: ubuntu-22.04
     steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-python@v1
-        with:
-          python-version: '3.6'
-          architecture: 'x64'
-      - name: Install requirements
-        run: |
-          pip install -r ./dev_tools/pip-list
-      - name: Pytest check
-        run: |
-          pytest
-  pytest37:
-    name: Pytest Ubuntu python3.7
-    runs-on: ubuntu-16.04
-    steps:
-      - uses: actions/checkout@v1
-      - uses: actions/setup-python@v1
+      - name: Get a local copy of the source repository
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
+
+      - name: Set up Python ${{matrix.python-version}}
+        uses: actions/setup-python@42375524e23c412d93fb67b49958b491fce71c38 # v5
         with:
-          python-version: '3.7'
+          python-version: ${{matrix.python-version}}
           architecture: 'x64'
+
       - name: Install requirements
-        run: |
-          pip install -r ./dev_tools/pip-list
+        run: pip install -r ./dev_tools/pip-list
+
       - name: Pytest check
-        run: |
-          pytest
+        run: pytest