ci: explicit permission in GH actions

doublethink · doublethink · commit 2f4bf9cd62a1 · 2025-04-07T16:11:59.000+12:00
diff --git a/.github/workflows/audit.yml b/.github/workflows/audit.yml
@@ -7,6 +7,10 @@ on:
     paths:
       - "**/Cargo.toml"
       - "**/Cargo.lock"
+
+permissions:
+  contents: read
+
 jobs:
   security_audit:
     runs-on: ubuntu-latest
diff --git a/.github/workflows/general.yml b/.github/workflows/general.yml
@@ -6,6 +6,9 @@ on: [push, pull_request]
 env:
   CARGO_TERM_COLOR: always
 
+permissions:
+  contents: read
+
 jobs:
   fmt:
     name: Rustfmt
