cleanup permissions

- No need to be able to mint an ID-token during the prepare release worfklow
- No need for write permissions during the relase, we're not _creating_ a GitHub release in this case

Author: RobinMalfait

.github/workflows/prepare-release.yml

@@ -227,8 +227,6 @@ jobs:
 
     permissions:
       contents: write # for softprops/action-gh-release to create GitHub release
-      # https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
-      id-token: write
 
     needs:
       - build

.github/workflows/release.yml

@@ -230,7 +230,7 @@ jobs:
     name: Build and publish Tailwind CSS
 
     permissions:
-      contents: write # for softprops/action-gh-release to create GitHub release
+      contents: read
       # https://docs.npmjs.com/generating-provenance-statements#publishing-packages-with-provenance-via-github-actions
       id-token: write