ci: add explicit permissions to workflows

Fixes CodeQL 'Workflow does not contain permissions' warnings. Sets minimal 'contents: read' at top level.
2025-12-30 13:03:24 +01:00
parent 9c70eead9b
commit d405ff4b2b
2 changed files with 8 additions and 0 deletions
@@ -11,6 +11,10 @@ on:
        required: false
        default: ''

+# Default minimal permissions
+permissions:
+  contents: read
+
 env:
  REGISTRY: ghcr.io

@@ -4,6 +4,10 @@ on:
  pull_request:
    branches: [main]

+# Minimal permissions for security
+permissions:
+  contents: read
+
 jobs:
  # =============================================================================
  # Backend Tests