Backport workflow-hardening fix (excessive-permissions) to 5 release branches #2024

Description

@CharlieMCY

Summary

The default branch already hardened .github/workflows/delete_backport_branch.yml against the issue(s) below, but 5 release branches still carry it. This proposes the same, minimal, scanner-verified fix for each.

What's flagged (by zizmor)

  • excessive-permissions — workflow/job granted broader permissions than needed

Already resolved on the default branch in:

Affected release branches (5)

  • 2.10.3 (still present as of HEAD e40f1281)
  • 2.11 (still present as of HEAD 72801252)
  • 2.10.4 (still present as of HEAD f29a574a)
  • 2.10.2 (still present as of HEAD fb27ae67)
  • 2.9.1 (still present as of HEAD 14cc4e50)

Suggested per-branch patches

Each diff below was checked locally with zizmor and actionlint: the flagged finding(s) are cleared on the affected construct and no new lint or security findings are introduced. (Whitespace is normalized; only security-relevant lines change.)

2.10.3 — excessive-permissions

File .github/workflows/delete_backport_branch.yml; suggested edits:

    • jobs.$J.permissions.contents = 'write'
--- a/.github/workflows/delete_backport_branch.yml
+++ b/.github/workflows/delete_backport_branch.yml
@@ -13,3 +13,5 @@
         uses: SvanBoxel/delete-merged-branch@main
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
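Review bot: the job-level `permissions:` block added at the end of this hunk is the right scope for the fix, because a job-level block sets every scope it does not name to `none`, so the `GITHUB_TOKEN` passed through `env:` in the context lines ends up with `contents: write` and nothing else. Worth confirming that the delete-merged-branch step needs no other scope (deleting a branch ref should only need `contents`), since any scope the action relied on implicitly will now be denied rather than silently granted.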
2.11 — excessive-permissions

File .github/workflows/delete_backport_branch.yml; suggested edits:

    • jobs.$J.permissions.contents = 'write'
--- a/.github/workflows/delete_backport_branch.yml
+++ b/.github/workflows/delete_backport_branch.yml
@@ -13,3 +13,5 @@
         uses: SvanBoxel/delete-merged-branch@main
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
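Review bot: the context line `uses: SvanBoxel/delete-merged-branch@main` references a mutable branch, so the hardened token is still handed to whatever that branch points to when the workflow next runs. The permissions change itself is correct as written; pinning the action to a full commit SHA would be a sensible follow-up in the same file, separate from the excessive-permissions finding this hunk addresses.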
2.10.4 — excessive-permissions

File .github/workflows/delete_backport_branch.yml; suggested edits:

    • jobs.$J.permissions.contents = 'write'
--- a/.github/workflows/delete_backport_branch.yml
+++ b/.github/workflows/delete_backport_branch.yml
@@ -13,3 +13,5 @@
         uses: SvanBoxel/delete-merged-branch@main
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
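Review bot: the `@@ -13,3 +13,5 @@` header shows the two added lines land after the last step, so `permissions:` is appended below `steps:` in the job mapping. That is valid YAML and GitHub Actions does not depend on key order, but most workflows place `permissions:` above `steps:` next to `runs-on:` so a reader sees the token scope before the steps that use it; worth moving when the branch is touched, with no change in effect.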
2.10.2 — excessive-permissions

File .github/workflows/delete_backport_branch.yml; suggested edits:

    • jobs.$J.permissions.contents = 'write'
--- a/.github/workflows/delete_backport_branch.yml
+++ b/.github/workflows/delete_backport_branch.yml
@@ -13,3 +13,5 @@
         uses: SvanBoxel/delete-merged-branch@main
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
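Review bot: this hunk has the same offsets and context as the ones for the other four branches, which is consistent with the workflow file being unchanged across these release branches. That makes it straightforward to land the fix as a single commit cherry-picked to each branch rather than five hand-applied diffs, and the per-branch zizmor/actionlint check described above can then be re-run against the cherry-picked result.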
2.9.1 — excessive-permissions

File .github/workflows/delete_backport_branch.yml; suggested edits:

    • jobs.$J.permissions.contents = 'write'
--- a/.github/workflows/delete_backport_branch.yml
+++ b/.github/workflows/delete_backport_branch.yml
@@ -13,3 +13,5 @@
         uses: SvanBoxel/delete-merged-branch@main
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+    permissions:
+      contents: write
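Review bot: the hunk does not show whether the workflow declares a top-level `permissions:` block. If one exists and is broader, the job-level block added here overrides it for this job only, which is still the desired outcome; adding a top-level `permissions: {}` (or `contents: read`) alongside this change would make the least-privilege intent explicit for any job added to this workflow later.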

Happy to open pull requests instead if that's preferred.
