Grant workflows permission to CD release workflow (#407)

The release workflow pushes version-bumped workflow files back to main,
which requires the workflows permission. Without an explicit permissions
block, GITHUB_TOKEN is issued without workflows: write, causing the push
to be rejected. Use a minimal explicit permissions set (contents: write,
workflows: write, pull-requests: read, issues: read, statuses: read,
checks: read) rather than write-all.

Author: CasperWA-ai-bot

.github/workflows/_local_cd_release.yml

@@ -8,6 +8,13 @@ on:
 jobs:
   publish:
     name: Call reusable workflow
+    permissions:
+      contents: write
+      workflows: write
+      pull-requests: read
+      issues: read
+      statuses: read
+      checks: read
     if: github.repository == 'SINTEF/ci-cd' && startsWith(github.ref, 'refs/tags/v')
     uses: ./.github/workflows/cd_release.yml
     with: