Potential fix for code scanning alert no. 1: Workflow does not contain permissions

[dermatz]

Potential fix for https://github.com/OpenForgeProject/vscode-ext-magento-log-viewer/security/code-scanning/1

The best way to fix the problem is to add the permissions: key to explicitly set the minimum required privileges for the job or the workflow as a whole. Because the workflow only needs to check out code and run tests, only read access to contents is necessary, so we should specify contents: read as a minimal starting point. This should be added at the root level of the workflow file (just below name:), which then applies to all jobs unless overridden. The edit consists of inserting the following block:

permissions:
  contents: read

immediately after the workflow name:. No additional dependencies, imports, or definitions are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[Copilot]

Pull Request Overview

This PR addresses a security code scanning alert by adding explicit permissions to the GitHub Actions workflow. The change follows security best practices by implementing the principle of least privilege.

• Adds explicit permissions configuration to the workflow
• Sets minimal contents: read permission required for checking out code and running tests

---

_{Tip: Customize your code reviews with copilot-instructions.md. Create the file or learn how to get started.}