tensorflow/addons

Set permissions to GITHUB_TOKEN

joycebrum opened this issue · 1 comment

Hi, I'm Joyce, from the Google Open Source Security Team (GOSST). Setting the GITHUB_TOKEN permissions is one of the OSSF Scorecard recommendations -- called the Token-Permissions check.

The default permissions given to GITHUB_TOKEN are write-all, which can be exploited by an attacker in the case of a compromised action.

To mitigate this risk, it is important to use credentials that are minimally scoped.

I'll submit a PR together with the issue. Thanks.
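As an added illustration (not the issue's or the PR's own code), a workflow that applies the least-privilege setting requested above: a top-level `permissions` block makes the token read-only for every job, and only the job that actually has to write is widened at the job level. The workflow name, jobs, branch and steps are assumptions.

```yaml
name: ci
on:
  pull_request:
  push:
    branches: [master]

# Without this block the workflow inherits the repository default, which the
# issue describes as write-all for every scope. Declaring it at the top level
# makes read-only the baseline for every job in this file.
permissions:
  contents: read

jobs:
  build:
    # Inherits the top-level read-only token: checking out the code and
    # running the tests need nothing more.
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - run: make test   # assumed build target

  label:
    # Only this job needs to write, so the scope is widened here rather than
    # for the whole workflow. Job-level permissions replace the top-level set
    # (unlisted scopes become none), so contents: read is restated because the
    # job still checks out code.
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
      pull-requests: write
    steps:
      - uses: actions/checkout@v3
      - run: ./scripts/label-pr.sh   # assumed helper script
```

A compromised third-party action in the `build` job now holds a token that can read the repository but cannot push, tag or open releases, which is the exposure the write-all default leaves open.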

Hi, thank you for the PR. We will check it soon.