build(deps): bump the github-actions-dependencies group with 2 updates

Bumps the github-actions-dependencies group with 2 updates:
- [hoverkraft-tech/ci-github-nodejs](https://github.com/hoverkraft-tech/ci-github-nodejs)

---
updated-dependencies:
- dependency-name: hoverkraft-tech/ci-github-nodejs
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
- dependency-name: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml
  dependency-version: 0.18.0
  dependency-type: direct:production
  update-type: version-update:semver-minor
  dependency-group: github-actions-dependencies
...

Signed-off-by: dependabot[bot] <support@github.com>
Signed-off-by: Emilien Escalle <emilien.escalle@escemi.com>

Author: dependabot[bot]

.github/workflows/__check-dist.yml

@@ -3,16 +3,17 @@ name: Internal - Checks for dist
 on:
   workflow_call:
 
-permissions:
-  contents: read
+permissions: {}
 
 jobs:
   check-dist:
     name: Check dist
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
-      - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@23af54bc615d657aa9c13c472ae701445c1811a6 # 0.17.1
+      - uses: hoverkraft-tech/ci-github-nodejs/actions/setup-node@32a69b7b8fd5f7ab7bf656e7e88aa90ad235cf8d # 0.18.0
 
       - name: Build dist/ Directory
         id: package

.github/workflows/__check-nodejs.yml

@@ -10,10 +10,12 @@ permissions:
 
 jobs:
   test-nodejs:
-    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@23af54bc615d657aa9c13c472ae701445c1811a6 # 0.17.1
+    uses: hoverkraft-tech/ci-github-nodejs/.github/workflows/continuous-integration.yml@32a69b7b8fd5f7ab7bf656e7e88aa90ad235cf8d # 0.18.0
     permissions:
+      contents: read
       id-token: write
+      pull-requests: write
       security-events: write
-      contents: read
     with:
-      build: ""
+      test: |
+        {"coverage":"codecov"}

.github/workflows/__shared-ci.yml

@@ -3,17 +3,16 @@ name: Common Continuous Integration tasks
 on:
   workflow_call:
 
-permissions:
-  actions: read
-  contents: read
-  issues: write
-  statuses: write
-  security-events: write
-  id-token: write
+permissions: {}
 
 jobs:
   linter:
     uses: hoverkraft-tech/ci-github-common/.github/workflows/linter.yml@753288393de1f3d92f687a6761d236ca800f5306 # 0.28.1
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+      statuses: write
     with:
       # FIXME: remove VALIDATE_*_PRETTIER and *_SUMMARY when supported (https://github.com/super-linter/super-linter/issues/6089)
       linter-env: |
@@ -30,14 +29,24 @@ jobs:
     name: Test nodejs
     needs: linter
     uses: ./.github/workflows/__check-nodejs.yml
+    permissions:
+      contents: read
+      id-token: write
+      pull-requests: write
+      security-events: write
     secrets: inherit
 
   check-dist:
     name: Test nodejs
     needs: linter
     uses: ./.github/workflows/__check-dist.yml
+    permissions:
+      contents: read
 
   check-action:
     name: Test action
     needs: [check-nodejs, check-dist]
     uses: ./.github/workflows/__check-action.yml
+    permissions:
+      contents: read
+      issues: write

.github/workflows/main-ci.yml

@@ -5,13 +5,7 @@ on:
     branches: [main]
     tags: ["*"]
 
-permissions:
-  actions: read
-  contents: read
-  issues: write
-  statuses: write
-  security-events: write
-  id-token: write
+permissions: {}
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -20,11 +14,21 @@ concurrency:
 jobs:
   ci:
     uses: ./.github/workflows/__shared-ci.yml
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      issues: write
+      pull-requests: write
+      security-events: write
+      statuses: write
     secrets: inherit
 
   generate-readme:
     needs: ci
     runs-on: ubuntu-latest
+    permissions:
+      contents: read
     steps:
       - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
       - uses: hoverkraft-tech/ci-dokumentor@c46a1a108957237cf485103a80b060c35c7dba33 # 0.2.2

.github/workflows/pull-request-ci.yml

@@ -5,13 +5,7 @@ on:
   pull_request:
     branches: [main]
 
-permissions:
-  actions: read
-  contents: read
-  issues: write
-  statuses: write
-  security-events: write
-  id-token: write
+permissions: {}
 
 concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
@@ -20,4 +14,12 @@ concurrency:
 jobs:
   ci:
     uses: ./.github/workflows/__shared-ci.yml
+    permissions:
+      actions: read
+      contents: read
+      id-token: write
+      issues: write
+      pull-requests: write
+      security-events: write
+      statuses: write
     secrets: inherit