Fix Dependabot 403 when publishing test results by adding explicit permissions

Dependabot PRs use a restricted GITHUB_TOKEN that lacks write access by
default. Explicitly granting checks:write and pull-requests:write allows
the publish-unit-test-result-action to create check runs on Dependabot PRs.

Author: umeetiusbaar

.github/workflows/ci.yml

@@ -11,6 +11,10 @@ jobs:
   tests:
     name: Test
     runs-on: ubuntu-latest
+    permissions:
+      checks: write
+      pull-requests: write
+      contents: read
     steps:
       - uses: actions/checkout@v4