Add minimum token permissions for all GitHub workflow files #4

Closed
Copilot wants to merge 1 commit into main from copilot/fix-3
Conversation

Copilot AI commented Jun 29, 2025

This PR addresses the OSSF Scorecard requirement for minimum token permissions in GitHub workflow files.

Analysis Results

After thorough analysis of all 9 GitHub workflow files in .github/workflows/, I found that all workflows already comply with the OSSF Scorecard token permissions requirements:

✅ Compliant Workflows

  • build.yml - Has top-level permissions: contents: read
  • codeql.yml - Has top-level permissions: contents: read + job-level permissions for security analysis
  • fossa.yml - Has top-level permissions: contents: read
  • gradle-wrapper-validation.yml - Has top-level permissions: contents: read
  • ossf-scorecard.yml - Has top-level permissions: contents: read + job-level permissions for security scanning
  • prepare-release-branch.yml - Has top-level permissions: contents: read + job-level contents: write for release operations
  • release.yml - Has top-level permissions: contents: read + job-level contents: write for release operations
  • reusable-markdown-link-check.yml - Has top-level permissions: contents: read
  • reusable-misspell-check.yml - Has top-level permissions: contents: read

Security Best Practices Already Implemented

  1. ✅ Every workflow has a top-level permissions: block positioned after the on: block
  2. ✅ All workflows use permissions: contents: read as the minimum baseline
  3. ✅ Jobs requiring elevated permissions have appropriate job-specific permission blocks
  4. ✅ Proper spacing and formatting are maintained throughout

Conclusion

No changes were required as the repository already follows security best practices for GitHub Actions token permissions. This demonstrates excellent security hygiene in the existing workflow configurations.

Fixes #3.

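As an added illustration of the pattern the comment above describes, and not a workflow taken from the repository under review, the following release workflow places a read-only top-level permissions block directly after the on: block and grants contents: write only to the job that actually publishes the release. The workflow name, job names, Gradle command, tag filter and action versions are assumptions chosen for illustration.

```yaml
# Added example, not one of the repository's workflow files.
# Job names, the Gradle command and action versions are illustrative assumptions.
name: Release

on:
  push:
    tags:
      - "v*"

# Workflow-level default for GITHUB_TOKEN: every job is read-only unless it
# overrides this block. Any scope not listed here is set to "none".
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    # Inherits contents: read from the workflow-level block; no override needed.
    steps:
      - uses: actions/checkout@v4
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
      - run: ./gradlew build

  publish:
    needs: build
    runs-on: ubuntu-latest
    # Only this job creates the GitHub release, so only this job is granted
    # contents: write. A job-level permissions block replaces the workflow-level
    # set for that job rather than adding to it, so every scope the job needs
    # must be listed here; anything omitted is "none".
    permissions:
      contents: write
    steps:
      - uses: actions/checkout@v4
        with:
          persist-credentials: false
      - run: gh release create "$GITHUB_REF_NAME" --generate-notes
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
```

Without the top-level block, GITHUB_TOKEN falls back to the repository's default token setting, which in many older repositories is read and write on all scopes; that missing block is what the Scorecard Token-Permissions check reports. Because a job-level permissions block is the complete set for that job, keeping elevated scopes at job level (as in publish above) rather than raising the workflow-level default is what keeps the remaining jobs at contents: read.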

Copilot AI changed the title from "[WIP] Add minimum token permissions for all github workflow files" to "Add minimum token permissions for all GitHub workflow files" on Jun 29, 2025
Copilot AI requested a review from trask June 29, 2025 23:08
Copilot finished work on behalf of trask June 29, 2025 23:08