Commit 5a20821

Contain workflow permissions
This commit will resolve the CodeQL warning
`actions/missing-workflow-permissions`:

> If a GitHub Actions job or workflow has no explicit permissions set,
> then the repository permissions are used. Repositories created under
> organizations inherit the organization permissions. The organizations
> or repositories created before February 2023 have the default
> permissions set to read-write. Often these permissions do not adhere
> to the principle of least privilege and can be reduced to read-only,
> leaving the `write` permission only to a specific types as
> `issues: write` or `pull-requests: write`.
>
> Recommendation
>
> Add the `permissions` key to the job or the root of workflow (in this
> case it is applied to all jobs in the workflow that do not have their
> own `permissions` key) and assign the least privileges required to
> complete the task.
1 parent 46ae4be commit 5a20821

1 file changed

Lines changed: 3 additions & 0 deletions

.github/workflows/ci.yml

@@ -7,6 +7,9 @@ on:
77
tags: ["[0-9]+.[0-9]+.[0-9]+*"]
88
workflow_dispatch:
99

10+
permissions:
11+
contents: read
12+
1013
jobs:
1114
ci:
1215
runs-on: ubuntu-latest
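Review bot: the workflow-level `permissions:` block at new lines 10-11 grants only `contents: read`, and once any scope is listed every unlisted GITHUB_TOKEN scope becomes `none` for all jobs, while the steps of the `ci` job are not visible in this hunk. Because the workflow also runs on version tags and `workflow_dispatch`, confirm that no step in `ci` creates a release, publishes a package, or writes to issues or pull requests. If one does, keep this read-only default at the root and add a job-level `permissions:` key on that job with only the scope it needs. A one-line YAML comment above `permissions:` naming the CodeQL rule would also tell later editors why the block is there.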
