Reduce permissions for GitHub actions tokens

Author: simu

.github/workflows/build-virtualenv-caches.yml

@@ -9,6 +9,8 @@ on:
   schedule:
     - cron: '0 4 * * MON'
 
+permissions: {}
+
 jobs:
   build-lint-virtualenvs:
     runs-on: ubuntu-latest

.github/workflows/cleanup-pr-tag.yml

@@ -6,6 +6,9 @@ name: Delete closed PR container image tag
     types:
       - closed
 
+permissions:
+  packages: write
+
 jobs:
   cleanup-pr-tag:
     runs-on: ubuntu-latest

.github/workflows/publish-pypi.yml

@@ -10,6 +10,8 @@ on:
     branches:
     - master
 
+permissions: {}
+
 jobs:
   build-and-publish:
     # Skip job on forks

.github/workflows/test.yml

@@ -4,6 +4,8 @@ on:
     branches:
     - master
 
+permissions: {}
+
 jobs:
   lints:
     runs-on: ubuntu-latest