CCM-17709 adding action permissions

[timireland]

Description

Adding the necessary permission to the action to be able to run when repo is made private.

Context

SLDC -8 has been updated so that repos must be private/internal by default.

Type of changes

• Refactoring (non-breaking change)
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would change existing functionality)
• Bug fix (non-breaking change which fixes an issue)

Checklist

• I am familiar with the contributing guidelines
• I have followed the code style of the project
• I have added tests to cover my changes
• I have updated the documentation accordingly
• This PR is a result of pair or mob programming

• This PR includes code generated by a coding agent

---

Sensitive Information Declaration

To ensure the utmost confidentiality and protect your and others privacy, we kindly ask you to NOT including PII (Personal Identifiable Information) / PID (Personal Identifiable Data) or any other sensitive data in this PR (Pull Request) and the codebase changes. We will remove any PR that do contain any sensitive information. We really appreciate your cooperation in this matter.

• I confirm that neither PII/PID nor sensitive data are included in this PR and the codebase changes.

[Copilot]

Pull request overview

Adds explicit GITHUB_TOKEN permissions to the CI/CD pull request workflow to keep it functioning under stricter default permissions when repositories are private/internal.

Changes:

• Adds a top-level permissions block to the PR CI/CD workflow.
• Grants contents: read, pull-requests: read, and pages: write at workflow scope.

---

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

CI failed

[m-houston]

It looks like the CI workflows are failing due to missing permissions:

Invalid workflow file

The workflow is not valid. .github/workflows/cicd-1-pull-request.yaml (Line: 80, Col: 3): Error calling workflow 'NHSDigital/nhs-notify-supplier-config/.github/workflows/stage-1-commit.yaml@2bcbdb861c9027f1b15d954259ca62aa85c9a779'. The nested job 'terraform-docs' is requesting 'contents: write', but is only allowed 'contents: read'. .github/workflows/cicd-1-pull-request.yaml (Line: 80, Col: 3): Error calling workflow 'NHSDigital/nhs-notify-supplier-config/.github/workflows/stage-1-commit.yaml@2bcbdb861c9027f1b15d954259ca62aa85c9a779'. The nested job 'count-lines-of-code' is requesting 'id-token: write', but is only allowed 'id-token: none'.