Potential fix for code scanning alert no. 4: Workflow does not contain permissions

[nstarman]

Potential fix for https://github.com/GalacticDynamics/optional_dependencies/security/code-scanning/4

To fix the problem, add an explicit permissions block to the "dist" job. The safest minimal permission is contents: read, which allows only fetching repository content (needed for checkout). This change should be made under jobs.dist (just below name: Distribution build), matching the positioning and structure of how your other jobs specify permissions. No changes to functionality will occur; this will only restrict the GITHUB_TOKEN to minimal required access.

---

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 100.00%. Comparing base (f8bd0ed) to head (71c75b9).
⚠️ Report is 1 commits behind head on main.

Additional details and impacted files

@@            Coverage Diff            @@
##              main       #38   +/-   ##
=========================================
  Coverage   100.00%   100.00%           
=========================================
  Files            3         3           
  Lines           82        82           
=========================================
  Hits            82        82           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.