
fix(.github/workflows): detected GitHub workflow tokens with excessive permissions in auto-assign.yml#4021

Merged
Liam-Zhao merged 1 commit into main from fix/permission
Apr 29, 2025

Conversation

@gaius-qi
Member

Description

Related Issue

Motivation and Context

Screenshots (if appropriate)

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Documentation Update (if none of the other choices apply)

Checklist

  • My change requires a change to the documentation.
  • I have updated the documentation accordingly.
  • I have read the CONTRIBUTING document.
  • I have added tests to cover my changes.

…e permissions in auto-assign.yml

Signed-off-by: Gaius <gaius.qi@gmail.com>
@gaius-qi gaius-qi added the enhancement New feature or request label Apr 29, 2025
@gaius-qi gaius-qi added this to the v2.3.0 milestone Apr 29, 2025
@gaius-qi gaius-qi self-assigned this Apr 29, 2025
@gaius-qi gaius-qi requested a review from a team as a code owner April 29, 2025 06:06

Copilot AI left a comment


Pull Request Overview

This PR addresses the security concern by restricting GitHub workflow token permissions in the auto-assign workflow.

  • Added an explicit permissions block limiting the token to "pull-requests: write".
  • Updated the workflow configuration to minimize excess permissions.
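An added example, not code from this PR or the project, of the kind of check the PR title describes: a small Python audit that flags a workflow whose GITHUB_TOKEN has no explicit permissions block (so it inherits the repository default), uses write-all, or holds write scopes beyond the one an auto-assign job needs (assumed here to be pull-requests). The sample workflows are constructed, and the line-based scan assumes the plain indentation used in them rather than full YAML parsing.

```python
import re

PERM_RE = re.compile(r"^(\s*)permissions:\s*(.*?)\s*$")      # workflow- or job-level key
KV_RE = re.compile(r"^(\s*)([A-Za-z0-9_-]+):\s*(.*?)\s*$")   # nested 'scope: level' line

def extract_permissions(text: str) -> list[dict[str, str]]:
    """Collect each permissions block as {scope: level}; inline forms (write-all, read-all, {}) go under '*'."""
    lines, blocks, i = text.splitlines(), [], 0
    while i < len(lines):
        m = PERM_RE.match(lines[i])
        i += 1
        if not m:
            continue
        indent, block = len(m.group(1)), {}
        if m.group(2):
            block["*"] = m.group(2)
        while i < len(lines):  # consume lines indented deeper than the permissions key
            kv = KV_RE.match(lines[i])
            if not kv or len(kv.group(1)) <= indent:
                break
            block[kv.group(2)] = kv.group(3)
            i += 1
        blocks.append(block)
    return blocks

def audit_workflow(text: str, allowed_write=("pull-requests",)) -> list[str]:
    """Return findings where the token grant is broader than the workflow needs (allowed_write is assumed)."""
    blocks, findings = extract_permissions(text), []
    if not blocks:
        findings.append("no permissions block: GITHUB_TOKEN inherits the repository default")
    for block in blocks:
        if block.get("*") == "write-all":
            findings.append("permissions: write-all grants write on every scope")
        for scope, level in block.items():
            if scope != "*" and level == "write" and scope not in allowed_write:
                findings.append(f"write on '{scope}' is broader than this workflow needs")
    return findings

# Constructed sample workflows (not the project's auto-assign.yml): before and after the fix.
BEFORE = """\
name: auto-assign
on: [pull_request]
jobs:
  assign:
    steps:
      - run: echo "assign reviewers using GITHUB_TOKEN"
"""
AFTER = BEFORE.replace("jobs:", "permissions:\n  pull-requests: write\njobs:")
```

Running `audit_workflow(BEFORE)` yields one finding (missing permissions block) and `audit_workflow(AFTER)` yields none; a block granting `contents: write` or `write-all` is reported as over-broad.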


@Liam-Zhao Liam-Zhao left a comment


LGTM

@Liam-Zhao Liam-Zhao enabled auto-merge (squash) April 29, 2025 06:07

@chlins chlins left a comment


lgtm


codecov Bot commented Apr 29, 2025

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 34.24%. Comparing base (4d74f17) to head (bf32031).
Report is 10 commits behind head on main.


@@            Coverage Diff             @@
##             main    #4021      +/-   ##
==========================================
- Coverage   34.27%   34.24%   -0.03%     
==========================================
  Files         343      343              
  Lines       40197    40199       +2     
==========================================
- Hits        13777    13768       -9     
- Misses      25512    25520       +8     
- Partials      908      911       +3     
Flag Coverage Δ
unittests 34.24% <ø> (-0.03%) ⬇️


see 5 files with indirect coverage changes


@Liam-Zhao Liam-Zhao merged commit f45351f into main Apr 29, 2025
30 checks passed
@Liam-Zhao Liam-Zhao deleted the fix/permission branch April 29, 2025 06:50

Labels

enhancement New feature or request


8 participants