Merge pull request #177 from adrianreber/2025-12-10-codeql

workflows: add explicit permissions to fix CodeQL warnings

Author: adrianreber

.github/workflows/check-size.yml

@@ -4,6 +4,9 @@ on:
   pull_request:
     types: [opened, reopened, synchronize, labeled, unlabeled, ready_for_review]
 
+permissions:
+  contents: read
+
 jobs:
   check_size:
     runs-on: ubuntu-latest

.github/workflows/coverage.yml

@@ -2,6 +2,9 @@ name: Run coverage
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   coverage:
     runs-on: ubuntu-latest

.github/workflows/tests.yml

@@ -2,6 +2,9 @@ name: Run Tests
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest

.github/workflows/verify.yml

@@ -2,6 +2,9 @@ name: verify
 
 on: [push, pull_request]
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     runs-on: ubuntu-latest