ci: declare workflow-level contents: read on check-index and test

Workflow runs checks only; no GitHub API writes from the workflow itself. Post-CVE-2025-30066 hardening pattern. yaml.safe_load validated.

Signed-off-by: Arpit Jain <arpitjain099@gmail.com>

Author: arpitjain099

.github/workflows/check-index.yml

@@ -8,6 +8,9 @@ on:
     branches:
     - check-index-test
 
+permissions:
+  contents: read
+
 jobs:
   build:
 

.github/workflows/test.yml

@@ -8,6 +8,9 @@ on:
 env:
   GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
+permissions:
+  contents: read
+
 jobs:
   build:
     name: ${{ matrix.ruby_version }}-${{ matrix.ubuntu_version }} ${{ matrix.arch }}