Enforce least privilege in check-generated-files workflow

Add permissions section to enforce least privilege for workflow.

Author: rm3l

.github/workflows/check-generated-files.yaml

@@ -8,6 +8,11 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event.number }}
   cancel-in-progress: true
 
+# SECURITY: Enforce least privilege.
+# This workflow only needs to checkout code; it does not need write access.
+permissions:
+  contents: read
+
 jobs:
   check-ui-static-files:
     runs-on: ubuntu-22.04