
GitHub Workflows security hardening (#6472)

* build: harden action_tools.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden action.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

* build: harden action_utest.yml permissions

Signed-off-by: Alex <aleksandrosansan@gmail.com>

Signed-off-by: Alex <aleksandrosansan@gmail.com>
Alex 2 years ago
Parent
Current commit
e0294dab50
3 files changed, 9 insertions and 0 deletions
  1. 3 0
      .github/workflows/action.yml
  2. 3 0
      .github/workflows/action_tools.yml
  3. 3 0
      .github/workflows/action_utest.yml

+ 3 - 0
.github/workflows/action.yml

@@ -21,6 +21,9 @@ on:
       - '**/README.md'
       - '**/README_zh.md'
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   build:
     runs-on: ubuntu-latest
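
Review bot: The workflow-level `permissions:` block added above `jobs:` leaves every token scope other than `contents` at `none`, and it applies to every job in action.yml, not only the `build` job visible here. The rest of the file is outside this hunk, so please confirm that no step uses the token for anything beyond reading the repository. If one does, grant that scope under the specific job instead of widening this default.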

+ 3 - 0
.github/workflows/action_tools.yml

@@ -27,6 +27,9 @@ on:
       - '**/*.h'
       - '**/*.cpp'
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   test:
     runs-on: ubuntu-latest
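
Review bot: The inline comment on `contents: read` in action_tools.yml says why the scope is needed but not that it is the default for the whole workflow. Consider extending it to say that any job added later under `jobs:` inherits this read-only token and must declare its own `permissions:` if it needs more, so a future contributor does not loosen the top-level block to make a new job pass.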

+ 3 - 0
.github/workflows/action_utest.yml

@@ -21,6 +21,9 @@ on:
       - '**/README.md'
       - '**/README_zh.md'
 
+permissions:
+  contents: read # to fetch code (actions/checkout)
+
 jobs:
   test:
     runs-on: ubuntu-latest
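
Review bot: This is the same three-line block as in action.yml and action_tools.yml, and the commit touches only these three files under .github/workflows. If the directory holds other workflow files, they still run with the repository's default token scope, so a follow-up that adds the same `permissions:` block there, or a note in the commit message that these three are the complete set, would make the scope of the hardening clear.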