Fix OIDC permissions for reusable workflow

Move permissions (id-token: write) to the caller workflow so
the reusable workflow inherits the required OIDC token permission
for AWS credential configuration.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

Author: laughingman7743

.github/workflows/test-suite.yaml

@@ -7,10 +7,6 @@ on:
         required: true
         type: string
 
-permissions:
-  id-token: write
-  contents: read
-
 jobs:
   run:
     runs-on: ubuntu-latest

.github/workflows/test.yaml

@@ -5,6 +5,10 @@ on:
   schedule:
     - cron:  '0 0 * * 0'
 
+permissions:
+  id-token: write
+  contents: read
+
 jobs:
   test:
     uses: ./.github/workflows/test-suite.yaml