ci(github): set default permissions to read-all

Author: remarkablemark

.github/workflows/assign-reviewer.yml

@@ -1,12 +1,14 @@
 name: Assign Reviewer
 on: pull_request_target
 
-permissions:
-  pull-requests: write
+permissions: read-all
 
 jobs:
   assign-reviewer:
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
+
     steps:
       - name: Assign reviewer
         if: >

.github/workflows/build.yml

@@ -1,8 +1,7 @@
 name: build
 on: [push, pull_request]
 
-permissions:
-  contents: read
+permissions: read-all
 
 jobs:
   build:

.github/workflows/commitlint.yml

@@ -1,8 +1,7 @@
 name: commitlint
 on: [push, pull_request]
 
-permissions:
-  contents: read
+permissions: read-all
 
 jobs:
   commitlint:

.github/workflows/lint.yml

@@ -1,8 +1,7 @@
 name: lint
 on: [push, pull_request]
 
-permissions:
-  contents: read
+permissions: read-all
 
 jobs:
   lint:

.github/workflows/release-please.yml

@@ -4,6 +4,8 @@ on:
     branches:
       - master
 
+permissions: read-all
+
 jobs:
   release-please:
     runs-on: ubuntu-latest
@@ -25,7 +27,6 @@ jobs:
     needs: release-please
     if: ${{ needs.release-please.outputs.release_created }}
     permissions:
-      contents: read
       id-token: write
 
     steps:

.github/workflows/size-limit.yml

@@ -4,14 +4,15 @@ on:
     branches:
       - master
 
-permissions:
-  pull-requests: write
+permissions: read-all
 
 jobs:
   size:
     runs-on: ubuntu-latest
     env:
       CI_JOB_NUMBER: 1
+    permissions:
+      pull-requests: write
 
     steps:
       - name: Checkout repository

.github/workflows/test.yml

@@ -1,8 +1,7 @@
 name: test
 on: [push, pull_request]
 
-permissions:
-  contents: read
+permissions: read-all
 
 jobs:
   unit: