
Look into adding permissions to the example workflow #67

Open
jspaaks opened this issue Feb 8, 2022 · 2 comments

Comments

@jspaaks
Member

jspaaks commented Feb 8, 2022

Spawned by discussion in JuliaLang/julia. Thanks @DilumAluthge for the suggestion.

@kevinmatthes

I would like to add that, furthermore, pinning the version of an Action to a release commit might also have benefits. If you take a look at the GitHub Action of cffreference, which is the subject of citation-file-format/citation-file-format#384, you will find a working example which implements both pinning the Action versions to a release commit and the minimum permissions to ensure the correctness.

Since the default permission set GitHub grants the session token for an Action does not always fit the Action's intention, at least in my opinion adding the minimum permissions in both the example and the corresponding applications of the Action in this namespace would be a meaningful change.

To see the permissions granted by default, just go to the "Actions" tab of a project of your choice which applies them, choose an arbitrary Action which was completed not too long ago, expand "Set up job", and, in there, "GITHUB_TOKEN Permissions". Try to find an Action which does not explicitly limit the granted permissions.
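As an added illustration (not part of this thread and not the project's own workflow), here is a minimal workflow that applies the two measures discussed above: an explicit least-privilege `permissions:` block and action references pinned to a full commit SHA instead of a mutable tag. The workflow name, the validation action name and both SHAs are placeholders.

```yaml
# Added example, not from the original issue. The unhardened form this replaces
# would simply omit every `permissions:` key (so the job inherits the default
# GITHUB_TOKEN permission set) and reference actions as `@v3` or `@main`.
name: validate-citation-file   # placeholder name

on:
  push:
    branches: [main]
  pull_request:

# Workflow-level override: every job starts with NO token permissions.
# Each job then requests only the scopes it needs; anything unlisted is "none".
permissions: {}

jobs:
  validate:
    runs-on: ubuntu-latest
    permissions:
      contents: read   # checking out the repository only needs read access
    steps:
      # Pin to the full commit SHA that the reviewed release tag points to,
      # rather than to the tag itself, which can be moved after the fact.
      # The SHA below is a PLACEHOLDER; keep the tag in a trailing comment so
      # reviewers and update tooling can still see which release it maps to.
      - uses: actions/checkout@0000000000000000000000000000000000000000 # v3 (placeholder SHA)

      # Hypothetical validation action; the real action and version used in
      # this namespace are not given on the page.
      - uses: example-org/example-cff-action@0000000000000000000000000000000000000000 # vX.Y.Z (placeholder SHA)
```

After a run, expanding "Set up job" and then "GITHUB_TOKEN Permissions" in the Actions tab, as described above, should list only `Contents: read` for this job.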

@kevinmatthes

I submitted a Pull Request related to this topic to the main project: citation-file-format/citation-file-format#406
