chore: add explicit permissions to release-please workflow

[kinyoklion]

Summary

Adds explicit contents: write and pull-requests: write permissions to the release-please job. Without these, the job relies on inherited default GITHUB_TOKEN permissions, which may be insufficient if the org or repo defaults are tightened to read-only.

These permissions are required for release-please to:

• Create and update release PRs (pull-requests: write)
• Create GitHub releases and push tags (contents: write)

Downstream jobs (release-sdk-internal, release-sdk-internal-provenance) already have their own explicit permissions blocks and are unaffected.

This was identified during an audit of all non-archived launchdarkly-sdk-tagged repositories.

Review & Testing Checklist for Human

• Verify no additional implicit permissions are needed. Adding an explicit job-level permissions block restricts the token to only the listed permissions (plus metadata: read). Confirm that release-please-action in this repo does not require anything beyond contents: write and pull-requests: write (e.g., issues: write for label management).
• After merging, monitor the next release-please workflow run (triggered by a push to main) to confirm it still creates/updates release PRs successfully.

Notes

This is part of a batch fix across launchdarkly-sdk-tagged repositories whose release-please workflows were missing explicit permissions on their default branch.

Link to Devin session: https://app.devin.ai/sessions/a83b6e4f4fa14b96b859cfb50755a2c1
Requested by: @kinyoklion

[devin-ai-integration]

🤖 Devin AI Engineer

I'll be helping with this pull request! Here's what you should know:

✅ I will automatically:

• Address comments on this PR. Add '(aside)' to your comment to have me ignore it.
• Look at CI failures and help fix them

Note: I can only respond to comments from users who have write access to this repository.

⚙️ Control Options:

• Disable automatic comment and CI monitoring