fix(ci): status check workflows permissions

[asdolo]

What does this do?

This PR changes the Lint, Test and Type-Check workflows to specifically set the minimum permissions they need.

Why did you do this?

The workflows (and thus, the status checks of all Pull Requests and pushes) weren't working if the default permissions granted to the GITHUB_TOKEN were set to "Read" instead of "Read and Write" in the project repository.

Nonetheless, GItHub recommends to "only allow the minimum required access" to the workflow files.

What is this?

• The GITHUB_TOKEN secret is used by all of these workflows to perform operations such as reading our PRs and creating comments on them.
• If no permissions are specified in a workflow file, the GITHUB_TOKEN will have the default permissions set in the repository configuration (Repository settings > Actions > General > Workflow permissions).
• There are two possible values for the default permissions: "Read and write" and "Read."

• If the default permissions are set to "Read and write", the workflows run without issues.
• If the default permissions are set to "Read", the workflows fail because they require write permissions.
• It may seem that the solution is to simply set "Read and write" as the default permissions in the repository, but this presents two main issues:
  1. Organization owners can prevent you from granting write access to the GITHUB_TOKEN at the repository level. In other words, sometimes we can't even change the default permissions to "Read and write." More information here.
  2. It’s just not recommended. Write permissions will apply to all workflows, which is excessive and could pose a security risk.
• For these two reasons, assuming the default permissions of the GITHUB_TOKEN are set to "Read", we recommend specifying and overriding the permissions for each workflow file on a more fine-grained basis.

Who/what does this impact?

Repositories with restricted access.

How did you test this?

I tested the workflow in a temporal test repository.

[github-actions]

💯 Test Coverage

Lines	Statements	Branches	Functions
	50.69% (256/505)	46.63% (104/223)	36.12% (69/191)

😎 Tests Results

Tests	Skipped	Failures	Errors	Time
68	0 💤	0 ❌	0 🔥	27.69s ⏱️

👀 Tests Details • (51%)

File	% Stmts	% Branch	% Funcs	% Lines	Uncovered Line #s
All files	50.69	46.63	36.12	51.66

report-only-changed-files is enabled. No files were changed in this commit :)

[fernandatoledo]

The description of this PR is super complete! 👏