fix(ci): restore id-token permission for build-ios-e2e.yml dispatch

Dropped accidentally during the merge of origin/main into namespace-runner-trial4
(merge commit e7405cc). When resolving the permissions-block conflict, main's
version (no permissions block) was chosen — but main only has workflow_call,
where permissions inherit from the caller.

Phase 4 added workflow_dispatch to this workflow so iOS builds can be manually
triggered for Namespace trial validation. Direct workflow_dispatch runs don't
inherit permissions from a caller, and setup-e2e-env now assumes an AWS role
via OIDC (introduced by main's #29247 "ci: reuse native E2E builds across
commits and PRs"), which requires id-token: write.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

Author: XxdpavelxX

.github/workflows/build-ios-e2e.yml

@@ -52,6 +52,13 @@ on:
         type: string
         default: current
 
+# Needed when this workflow is dispatched directly (workflow_dispatch). When called
+# via workflow_call, permissions are inherited from the caller. id-token: write is
+# required by setup-e2e-env's AWS OIDC role assumption for signing-cert fetch.
+permissions:
+  contents: read
+  id-token: write
+
 jobs:
   build-ios-apps:
     name: Build iOS E2E Apps