ci: restrict the CI actions permissions

.github/workflows/conventional-commits.yml

@@ -4,10 +4,17 @@ on:
   pull_request:
     types: [ opened, synchronize, reopened, edited ]
 
+permissions: { }
+
 jobs:
   build:
     name: conventional commits
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
     steps:
       - name: checkout code
         uses: actions/checkout@v3

.github/workflows/conventional-pull-requests.yml

@@ -4,10 +4,17 @@ on:
   pull_request:
     types: [ opened, synchronize, reopened, edited ]
 
+permissions: { }
+
 jobs:
   build:
     name: conventional pull requests
     runs-on: ubuntu-22.04
+    permissions:
+      contents: read
+      pull-requests: read
+      packages: read
+      statuses: write
     steps:
       - name: conventional pull requests check
         uses: ytanikin/PRConventionalCommits@1.1.0

.github/workflows/lint.yml

@@ -12,6 +12,7 @@ jobs:
     runs-on: ubuntu-latest
     permissions:
       contents: read
+      pull-requests: read
       packages: read
       statuses: write
     steps: