Commit 24b0a21

Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#40)
Potential fix for [https://github.com/secondfry/shortcircuit/security/code-scanning/1](https://github.com/secondfry/shortcircuit/security/code-scanning/1)

In general, the fix is to add an explicit `permissions:` block either at the workflow root (applies to all jobs without their own `permissions`) or within the specific job. The block should grant only the least privileges necessary, which in this case is read access to repository contents (`contents: read`). No steps in the shown job need write access to the repo, nor access to issues, pull requests, or other resources.

The single best fix, without changing existing functionality, is to add a minimal `permissions` block at the top level of the workflow (right after `name: CI` and before `on:`). This will apply to all jobs (currently just `build`) and clearly communicates that the workflow only needs read permissions on contents.

Concretely, in `.github/workflows/main.yml`, insert:

```yaml
permissions:
  contents: read
```

between lines 1 and 3 in the snippet provided. No additional imports or methods are needed, as this is YAML configuration only.

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
1 parent 75b9d67 commit 24b0a21

1 file changed

+3
-0
lines changed

.github/workflows/main.yml

Lines changed: 3 additions & 0 deletions
@@ -1,5 +1,8 @@
11
name: CI
22

3+
permissions:
4+
contents: read
5+
36
on:
47
push:
58
branches: [master, develop]
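
Review bot: The top-level `permissions:` block at new lines 3-4 has no comment saying why it is there, and because it sits at the workflow root it applies to every job, with any scope not listed (everything other than `contents: read`) set to none. Add a one-line comment above it, for example `# least privilege: jobs needing more must declare their own permissions`, so that a job added later that needs a write scope gets a job-level `permissions:` block rather than a widened root block. The hunk shows only the workflow header, so also confirm that no step in the job uses the token for anything beyond reading repository contents.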

0 commit comments
