ci: apply principle of least privilege to lunaria workflow

Author: serhalp

.github/workflows/lunaria.yml

@@ -10,15 +10,15 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.event_name == 'pull_request_target' && github.head_ref || github.ref }}
   cancel-in-progress: true
 
-# Allow this job to clone the repository and comment on the pull request
-permissions:
-  contents: read
-  pull-requests: write
+permissions: {}
 
 jobs:
   lunaria-overview:
     name: 🌝 Generate Lunaria Overview
     runs-on: ubuntu-24.04-arm
+    permissions:
+      contents: read
+      pull-requests: write # post Lunaria overview comments on pull requests
 
     steps:
       - name: Checkout