Clean up workflow files for Zizmor (#2121)

Author: mandreko-bitwarden

.github/workflows/ci-bwa.yml

@@ -42,12 +42,11 @@ on:
         type: boolean
         default: true
       xcode-version:
-          description: "Xcode Version Override - e.g. '15.2'"
-          type: string
+        description: "Xcode Version Override - e.g. '15.2'"
+        type: string
 
 permissions:
   contents: read
-  id-token: write
 
 jobs:
   version:
@@ -64,6 +63,8 @@ jobs:
   build-manual:
     name: Build Manual - ${{ inputs.build-mode }}
     needs: version
+    permissions:
+      id-token: write
     if: ${{ github.event_name == 'workflow_dispatch' && inputs.build-mode != 'CI' }}
     uses: bitwarden/ios/.github/workflows/_build-any.yml@main
     with:
@@ -79,6 +80,8 @@ jobs:
   build-public:
     name: Build CI
     needs: version
+    permissions:
+      id-token: write
     if: ${{ github.event_name == 'push' || inputs.build-mode == 'CI' }}
     uses: bitwarden/ios/.github/workflows/_build-any.yml@main
     strategy:

.github/workflows/ci-bwpm.yml

@@ -45,12 +45,11 @@ on:
         type: boolean
         default: true
       xcode-version:
-          description: "Xcode Version Override - e.g. '15.2'"
-          type: string
+        description: "Xcode Version Override - e.g. '15.2'"
+        type: string
 
 permissions:
   contents: read
-  id-token: write
 
 jobs:
   version:
@@ -67,6 +66,8 @@ jobs:
   build-manual:
     name: Build Manual - ${{ inputs.build-variant }} (${{ inputs.build-mode }})
     needs: version
+    permissions:
+      id-token: write
     if: ${{ github.event_name == 'workflow_dispatch' && inputs.build-mode != 'CI' }}
     uses: bitwarden/ios/.github/workflows/_build-any.yml@main
     with:
@@ -82,6 +83,8 @@ jobs:
   build-public:
     name: Build CI
     needs: version
+    permissions:
+      id-token: write
     if: ${{ github.event_name == 'push' || inputs.build-mode == 'CI' }}
     uses: bitwarden/ios/.github/workflows/_build-any.yml@main
     strategy: