Merge pull request #100 from incertum/chore/workflow-permissions

chore: restrict GitHub workflow permissions - future-proof

Author: alexanderjordanbaker

.github/workflows/ci-prb.yml

@@ -1,4 +1,6 @@
 name: PR Builder
+permissions:
+  contents: read
 on:
   pull_request:
     branches: [ main ]

.github/workflows/ci-release-docs.yml

@@ -1,10 +1,9 @@
 name: Doc Builder
+permissions:
+  contents: read
 on:
   release:
     types: [published]
-permissions:
-  pages: write
-  id-token: write
 jobs:
   build:
     name: Doc Builder
@@ -25,6 +24,9 @@ jobs:
         with:
           path: docs
   deploy:
+    permissions:
+      pages: write
+      id-token: write
     environment:
       name: github-pages
       url: ${{ steps.deployment.outputs.page_url }}