Define permissions for GitHub Actions

[naveensrinivasan]

Background

The GitHub actions https://github.com/lightningnetwork/lnd/tree/master/.github/workflows by default have write all permissions which is an attack vector that can be compromised.

• https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
• https://github.com/justinsteven/advisories/blob/master/2021_github_actions_checkspelling_token_leak_via_advice_symlink.md

Define specific permissions for GitHub Actions https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions

[guggero]

Cool, I wasn't aware of this new GitHub Actions feature. We should definitely update our workflow definitions.