Add workflow permissions

Fixes #1

Author: Buried-In-Code

.github/workflows/publishing.yaml

@@ -5,6 +5,8 @@ on: push
 jobs:
   build:
     name: Build
+    permissions:
+      contents: read
     runs-on: ubuntu-latest
 
     steps:
@@ -22,16 +24,17 @@ jobs:
           path: dist/
 
   publish-to-pypi:
-    name: Publish to PyPI
     if: startsWith(github.ref, 'refs/tags/')
     needs:
       - build
-    runs-on: ubuntu-latest
+    
     environment:
       name: pypi
       url: https://pypi.org/p/Mediux-Posters
+    name: Publish to PyPI
     permissions:
       id-token: write
+    runs-on: ubuntu-latest
 
     steps:
       - uses: actions/download-artifact@v4

.github/workflows/testing.yaml

@@ -30,7 +30,11 @@ jobs:
           - ubuntu-latest
           - macos-latest
           - windows-latest
+    
+    permissions:
+      contents: read
     runs-on: ${{ matrix.os }}
+    
     steps:
       - uses: actions/checkout@v4
       - uses: astral-sh/setup-uv@v5
@@ -40,10 +44,14 @@ jobs:
         run: uv sync --group tests
       - name: Run tests
         run: uv run pytest
+  
   collector:
-    needs: [pytest]
     if: always()
+    needs:
+      - pytest
+    
     runs-on: ubuntu-latest
+    
     steps:
       - name: Check for failures
         if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled')