GitHub Actions: Reduce permissions to guard against malicious 3rd party actions

Author: bkoelman

.github/workflows/build.yml

@@ -35,6 +35,8 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     steps:
     - name: Setup PostgreSQL
       uses: ikalnytskyi/action-setup-postgres@v4
@@ -152,6 +154,8 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     steps:
     - name: Git checkout
       uses: actions/checkout@v3
@@ -201,6 +205,8 @@ jobs:
       matrix:
         os: [ubuntu-latest, windows-latest, macos-latest]
     runs-on: ${{ matrix.os }}
+    permissions:
+      contents: read
     steps:
     - name: Git checkout
       uses: actions/checkout@v3