
Potential fix for code scanning alert no. 2: Workflow does not contain permissions#125

Merged
Project516 merged 1 commit into master from alert-autofix-2 on Feb 23, 2026

Conversation

@Project516
Owner

Potential fix for https://github.com/Project516/NumberGuessingGame/security/code-scanning/2

To fix the problem, explicitly restrict the GITHUB_TOKEN permissions for the build-assets job. Since this job only needs to clone the repository and upload artifacts to the workflow run, it does not need any write permissions to the repository; contents: read is sufficient. actions/upload-artifact operates on the workflow run and does not require repository write scopes.

The best minimal fix without changing existing functionality is to add a permissions block to the build-assets job, at the same indentation level as runs-on and strategy. Set contents: read so that actions/checkout can read the repository, while avoiding unnecessary write scopes. The create-release job already has permissions: contents: write, which is appropriate to upload release assets, so no change is needed there.

Concretely: edit .github/workflows/release.yml, in the build-assets job definition between runs-on: ubuntu-latest (line 13) and strategy: (line 14), and insert:

    permissions:
      contents: read

No imports or other definitions are required.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

…n permissions

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
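A constructed workflow, not the repository's own release.yml (whose steps are not shown on this page), illustrating the job-level permissions block the PR adds next to the unchanged create-release job. Job names and scopes follow the PR description; the trigger, matrix values, build command and release step are assumed.

```yaml
# Constructed illustration of the PR's fix; not the repository's actual file.
# Trigger, matrix values, build command and release step are assumptions.
name: release

on:
  push:
    tags: ["v*"]

# No workflow-level permissions block: each job declares its own scopes,
# so a job with no block would fall back to the repository's default token.

jobs:
  build-assets:
    runs-on: ubuntu-latest
    # Job-level block as described in the PR. Every scope not listed here
    # is set to "none", so this token can read the repository and nothing else.
    permissions:
      contents: read
    strategy:
      matrix:
        os: [linux, windows]   # assumed matrix values
    steps:
      - uses: actions/checkout@v4        # needs contents: read only
      - run: ./build.sh ${{ matrix.os }} # assumed build command
      # Artifacts are stored on the workflow run through the Actions API,
      # not written to the repository, so no write scope is required.
      - uses: actions/upload-artifact@v4
        with:
          name: asset-${{ matrix.os }}
          path: dist/

  create-release:
    needs: build-assets
    runs-on: ubuntu-latest
    # Unchanged by the PR: creating a release and attaching files does
    # write to the repository, which is why this job keeps contents: write.
    permissions:
      contents: write
    steps:
      - uses: actions/download-artifact@v4
        with:
          path: dist/   # each artifact lands in dist/<artifact-name>/
      - run: gh release create "${GITHUB_REF_NAME}" dist/*/*   # assumed release step
        env:
          GH_TOKEN: ${{ github.token }}
```

To confirm the change took effect, expand the "Set up job" section of the build-assets job log after the next run: it lists the GITHUB_TOKEN permissions that were actually granted, and only contents: read should appear.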
@Project516
Owner Author

@copilot will the uploading of assets work after this change?

Contributor

Copilot AI commented Feb 23, 2026

@Project516 I've opened a new pull request, #126, to work on those changes. Once the pull request is ready, I'll request review from you.

@Project516 Project516 marked this pull request as ready for review February 23, 2026 22:23
@Project516 Project516 merged commit 646cbaf into master Feb 23, 2026
9 checks passed
@Project516 Project516 deleted the alert-autofix-2 branch February 23, 2026 22:24