
Set least privileged token permission for GitHub Actions (#3155)

Signed-off-by: Ashish Kurmi <akurmi@stepsecurity.io>
Ashish Kurmi, 2 years ago
Parent
Current commit: da51adc276
3 files changed, 12 insertions and 0 deletions
  1. +3 -0  .github/workflows/build-and-push-image.yml
  2. +3 -0  .github/workflows/goreleaser.yml
  3. +6 -0  .github/workflows/stale.yml

+ 3 - 0
.github/workflows/build-and-push-image.yml

@@ -9,6 +9,9 @@ on:
         description: 'Image tag'
         required: true
         default: 'test'
+permissions:
+  contents: read
+
 jobs:
   image:
     name: Build Image from Dockerfile and binaries
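Review bot: the `image` job's steps fall outside this hunk, so it is not visible whether the push step authenticates to the registry with `GITHUB_TOKEN`; if it does, the token is now read-only and the push will fail, and the job needs its own job-level block such as `permissions:` / `contents: read` / `packages: write`. If the job logs in with a separately stored registry secret, the workflow-level `contents: read` is sufficient as written. A short comment next to the block saying which of the two applies would save the next reader the same question.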

+ 3 - 0
.github/workflows/goreleaser.yml

@@ -3,6 +3,9 @@ name: goreleaser
 on:
   workflow_dispatch:
 
+permissions:
+  contents: read
+
 jobs:
   goreleaser:
     runs-on: ubuntu-latest
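Review bot: a release job that creates the GitHub release and uploads assets through `GITHUB_TOKEN` needs `contents: write`, and this hunk grants only workflow-level `contents: read` with no job-level override visible under `goreleaser:`. Confirm that the steps below this context either use a dedicated token stored as a secret or add `permissions:` / `contents: write` at the job level, keeping the workflow-level default read-only for everything else. As in stale.yml, an inline comment explaining why each scope is granted would make the intent clear.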

+ 6 - 0
.github/workflows/stale.yml

@@ -8,8 +8,14 @@ on:
         description: 'In debug mod'
         required: false
         default: 'false'
+permissions:
+  contents: read
+
 jobs:
   stale:
+    permissions:
+      issues: write  # for actions/stale to close stale issues
+      pull-requests: write  # for actions/stale to close stale PRs
     runs-on: ubuntu-latest
     steps:
     - uses: actions/stale@v6
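Review bot: the job-level `permissions` block replaces the workflow-level one rather than merging with it, so the `stale` job ends up with only `issues: write` and `pull-requests: write` and no `contents` scope at all; that is the right result for `actions/stale`, which never checks out the repository, but it is worth saying so in the comment so nobody later "fixes" it by adding `contents: read` to the job. The per-scope comments are good practice and match the least-privilege intent of the change. Since the commit is about hardening the token, the same pass could pin `actions/stale@v6` to a full commit SHA, which a mutable version tag does not guarantee.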