🔒️(CI) add permissions level on workflow

We add permissions level on workflow to avoid
warning in github action logs.
This is a warning and not an error,
but it is good to have a clean log without warnings.

.github/workflows/crowdin_download.yml

@@ -6,6 +6,9 @@ on:
     branches:
       - 'release/**'
 
+permissions:
+  contents: read
+
 jobs:
   install-dependencies:
     uses: ./.github/workflows/dependencies.yml

.github/workflows/crowdin_upload.yml

@@ -6,6 +6,9 @@ on:
     branches: 
       - main
 
+permissions:
+  contents: read
+
 jobs:
   install-dependencies:
     uses: ./.github/workflows/dependencies.yml

.github/workflows/dependencies.yml

@@ -14,6 +14,9 @@ on:
         type: boolean
         default: false
 
+permissions:
+  contents: read
+
 jobs:
   front-dependencies-installation:
     if: ${{ inputs.with-front-dependencies-installation == true }}

.github/workflows/docker-publish.yml

@@ -37,6 +37,9 @@ description: Build and push a container image based on the input arguments provi
         default: ""
         description: "Build arg name to pass first amd64 tag to arm64 build (skips arch-independent build steps)"
 
+permissions:
+  contents: read
+
 jobs:
   build-and-push:
     runs-on: ubuntu-latest

.github/workflows/ghcr.yml

@@ -13,6 +13,9 @@ env:
   DOCKER_USER: 1001:127
   REGISTRY: ghcr.io
 
+permissions:
+  contents: read
+
 jobs:
   build-and-push-backend:
     runs-on: ubuntu-latest

.github/workflows/impress-frontend.yml

@@ -8,6 +8,9 @@ on:
     branches:
       - "*"
 
+permissions:
+  contents: read
+
 jobs:
 
   install-dependencies:

.github/workflows/impress.yml

@@ -8,6 +8,9 @@ on:
     branches:
       - "*"
 
+permissions:
+  contents: read
+
 jobs:
   install-dependencies:
     uses: ./.github/workflows/dependencies.yml