Fix CI Security (#25)

Author: welpie21

.github/workflows/ci.yml

@@ -1,5 +1,9 @@
 name: CI
 
+permissions:
+  contents: read
+  pull-requests: read
+
 on:
   workflow_dispatch:
   workflow_call:

.github/workflows/draft-release.yml

@@ -12,14 +12,15 @@ on:
 
 env:
   TAG_VERSION: ${{ github.event.inputs.TAG_VERSION }}
-permissions: 
-  contents: write
 
 jobs:
 
   ci:
     name: CI Job
     uses: ./.github/workflows/ci.yml
+    permissions: 
+      contents: read
+      pull-requests: read
 
   update_tag:
     name: Update Tag Job

.github/workflows/push-release.yml

@@ -4,14 +4,14 @@ on:
   release:
     types: [published]
 
-permissions:
-  contents: write
-
 jobs:
 
   ci:
     name: CI Job
     uses: ./.github/workflows/ci.yml
+    permissions: 
+      contents: read
+      pull-requests: read
 
   update_tag:
     name: Update Tag Job
@@ -30,7 +30,7 @@ jobs:
     runs-on: ubuntu-latest
     needs: [update_tag]
     permissions:
-      contents: write
+      contents: read
     steps:
       - name: Update package
         run: |