
Commit f2e226e

Potential fix for code scanning alert no. 1: Workflow does not contain permissions (#7)
Potential fix for https://github.com/gammabowl/try-devutils/security/code-scanning/1

To fix the problem, explicitly restrict the `GITHUB_TOKEN` permissions in this workflow to the minimum required. Since the job only checks out the repository and runs Node/Playwright-based build and tests, it only needs read access to the repository contents and no write permissions. The best fix is to add a `permissions` block at the workflow root level (applies to all jobs) with `contents: read`. This documents the workflow’s needs and ensures that, even if the repo/org default is broader, this workflow will remain constrained.

Concretely, in `.github/workflows/ci-vercel.yml`, insert a `permissions:` section after the `name: CI` header (or just before `jobs:`) such as:

```yaml
permissions:
  contents: read
```

No imports or additional methods are required; this is a pure YAML configuration change.

_Suggested fixes powered by Copilot Autofix. Review carefully before merging._

Co-authored-by: Copilot Autofix powered by AI <62310815+github-advanced-security[bot]@users.noreply.github.com>
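The pattern the commit message describes, shown as a complete workflow rather than the three-line hunk. This is an added example, not the repository's `ci-vercel.yml` (only its first lines are visible in the diff): the job names, steps, Node version and the second `deploy` job that needs an OIDC token are assumptions chosen to show how a job-level `permissions:` block interacts with the workflow-level one.

```yaml
name: CI

# Workflow-level default (the change this commit makes): every job's
# GITHUB_TOKEN gets read access to repository contents and nothing else,
# regardless of the repository or organisation default.
permissions:
  contents: read

on:
  push:
  pull_request:

jobs:
  # Assumed job: checkout + Node/Playwright build and test, as the commit
  # message describes. It inherits the workflow-level read-only token.
  test:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-node@v4
        with:
          node-version: 20
      - run: npm ci
      - run: npx playwright install --with-deps
      - run: npm test

  # Hypothetical job (not in the real file) that needs more than
  # contents: read, here an OIDC token for a cloud deploy. A job-level
  # permissions block replaces the workflow-level one instead of merging
  # with it, so every scope this job needs must be listed again, and
  # any scope left out is set to none.
  deploy:
    needs: test
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    permissions:
      contents: read
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - run: echo "deploy step goes here"   # placeholder for the real deploy
```

Keeping the workflow-level block at `contents: read` and widening only the job that needs it means a new job added later starts read-only by default; a job that silently relied on the old broad default will fail on its first write, which is the failure mode you want.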
1 parent 8e38975 commit f2e226e

1 file changed

Lines changed: 3 additions & 0 deletions


.github/workflows/ci-vercel.yml

@@ -1,5 +1,8 @@
11
name: CI
22

3+
permissions:
4+
contents: read
5+
36
on:
47
push:
58
pull_request:
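Review bot: the root-level `permissions: contents: read` added at lines 3-4 applies to every job in `ci-vercel.yml`, and a job-level `permissions:` block replaces it rather than extending it, so before merging confirm that no job further down the file (the hunk shows only the first eight lines) needs a write scope such as `pull-requests: write` or `id-token: write`; any such job must now declare its complete permission set itself, including `contents: read`, or it will fail at runtime.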
