Add specific permissions to workflows under .github/workflows (#704)

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/release.yml

* Restrict permissions for the GITHUB_TOKEN in .github/workflows/test.yml

Co-authored-by: Step Security <[email protected]>

.github/workflows/release.yml

@@ -21,6 +21,8 @@ on:
       - ".github/workflows/*.yml"
 jobs:
   build:
+    permissions:
+      contents: write
     strategy:
       matrix:
         # Include amd64 on all platforms.

.github/workflows/test.yml

@@ -19,6 +19,8 @@ on:
 
 jobs:
   test:
+    permissions:
+      contents: read
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false