feat: add explicit permissions to GitHub workflows

[Copilot]

Context

GitHub Actions workflows should follow the principle of least privilege by declaring explicit permissions rather than relying on default permissions. This reduces attack surface and improves security posture.

Related Jira ticket

N/A

Screenshots

N/A

---

Changes

Added explicit permissions: contents: read declarations to workflows that only need repository read access:

• .github/workflows/ci.yml - CI workflow for builds, lints, and tests on PRs
• .github/workflows/copilot-setup-steps.yml - Setup validation workflow

The release.yml workflow already had appropriate permissions defined (contents: read, pages: write, id-token: write) for its deployment operations.

permissions:
  contents: read

All workflows now explicitly declare their required permissions rather than inheriting default GITHUB_TOKEN permissions.

Original prompt

---

This section details on the original issue you should resolve

<issue_title>add explicit permisions to GH workflows</issue_title>
<issue_description></issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes add explicit permisions to GH workflows #984

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[Copilot]

Pull request overview

This PR enhances security posture by adding explicit permission declarations to GitHub Actions workflows, following the principle of least privilege.

Changes:

• Added permissions: contents: read to ci.yml workflow
• Added permissions: contents: read to copilot-setup-steps.yml workflow
• Verified release.yml already has appropriate permissions defined

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated no comments.

File	Description
.github/workflows/ci.yml	Added explicit read-only permissions for CI builds, lints, and tests
.github/workflows/copilot-setup-steps.yml	Added explicit read-only permissions for setup validation