ci: harden permissions for GitHub Workflows (#11174)

* build: harden main.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden project.yml permissions
Signed-off-by: Alex <aleksandrosansan@gmail.com>

* Update project.yml

The permissions are not necessary, because a separate token is used `GITHUB_TOKEN: ${{ secrets.PROJECT_TOKEN }}`
Alex 1 year ago
parent
commit
065f5ffc5a
2 changed files with 4 additions and 0 deletions
  1. .github/workflows/main.yml (+3 -0)
  2. .github/workflows/project.yml (+1 -0)

+ 3 - 0
.github/workflows/main.yml

@@ -14,6 +14,9 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   tests:
     name: Run tests
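Review bot: The workflow-level `permissions:` block placed above `jobs:` caps the GITHUB_TOKEN for every job in main.yml, but only `tests` is visible in this hunk. Please confirm that no job further down the file writes to the repository, posts comments or statuses, or uploads artifacts that need a write scope. If one does, keep `contents: read` as the workflow default and give that job its own `permissions:` block listing only the extra scope, with the same kind of "to ..." comment used here, so the default stays read-only.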

+ 1 - 0
.github/workflows/project.yml

@@ -9,6 +9,7 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.head_ref || github.run_id }}
   cancel-in-progress: true
 
+permissions: {}
 jobs:
   add-to-project:
     name: Add to project
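Review bot: `permissions: {}` is added with no comment and no blank line before `jobs:`, unlike the block in main.yml. The reason an empty set is enough (the job authenticates with `secrets.PROJECT_TOKEN`, per the commit message) is worth recording inline, for example `permissions: {} # GITHUB_TOKEN unused; the job uses PROJECT_TOKEN`, followed by a blank line for consistency. Note also that this line only strips the default GITHUB_TOKEN. It does nothing to limit what PROJECT_TOKEN can do, so that secret's own scopes should be checked separately and kept to what adding items to the project requires.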