add models as allowed permission

See related GitHub blog [1] and docs [2].

[1]: https://github.blog/changelog/2025-03-18-as-of-march-29-fine-grained-pats-and-github-apps-need-updates-to-access-github-models-playground/
[2]: https://docs.github.com/en/actions/writing-workflows/workflow-syntax-for-github-actions#permissions

Author: muzimuzhi

docs/checks.md

@@ -2114,7 +2114,7 @@ test.yaml:4:14: "write" is invalid for permission for all the scopes. available
   |
 4 | permissions: write
   |              ^~~~~
-test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "models", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
    |
 11 |       check: write
    |       ^~~~~~

rule_permissions.go

@@ -6,9 +6,10 @@ var allPermissionScopes = map[string]struct{}{
 	"checks":              {},
 	"contents":            {},
 	"deployments":         {},
+	"discussions":         {},
 	"id-token":            {},
 	"issues":              {},
-	"discussions":         {},
+	"models":              {},
 	"packages":            {},
 	"pages":               {},
 	"pull-requests":       {},

testdata/err/permissions_upper_case.out

@@ -1,2 +1,2 @@
-test.yaml:4:3: unknown permission scope "ACTIONS". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
-test.yaml:5:3: unknown permission scope "CHECKS". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:4:3: unknown permission scope "ACTIONS". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "models", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:5:3: unknown permission scope "CHECKS". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "models", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]

testdata/examples/permissions.out

@@ -1,3 +1,3 @@
 test.yaml:4:14: "write" is invalid for permission for all the scopes. available values are "read-all" and "write-all" [permissions]
-test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
+test.yaml:11:7: unknown permission scope "check". all available permission scopes are "actions", "attestations", "checks", "contents", "deployments", "discussions", "id-token", "issues", "models", "packages", "pages", "pull-requests", "repository-projects", "security-events", "statuses" [permissions]
 test.yaml:13:15: "readable" is invalid for permission of scope "issues". available values are "read", "write" or "none" [permissions]