CI: Restrict default permissions on GitHub Actions workflows

[echoix]

This PR makes some fixes to the new security issues found by CodeQL for the actions (GitHub Actions) language, added in #4940.

I searched for the needed permissions as much as I could find, and I tested this PR as much as I could, even using my default branch. Why I say as much as I could? Well, my fork is a fork, and it is not in an organization, and I do not know exactly the remaining settings that are applied, but I still changed my actions settings (https://github.com/OSGeo/grass/settings/actions) to "Read repository contents and packages permissions", which is the new default for new repos after some date in 2023.

I suggest changing our settings to that, if possible (cc @neteler or @wenzeslaus). For organizations, it might be different, and I hope it isn't only possible at the org-level.

[neteler]

I suggest changing our settings to that, if possible (cc @neteler or @wenzeslaus). For organizations, it might be different, and I hope it isn't only possible at the org-level.

Is there any action item left?

[echoix]

I suggest changing our settings to that, if possible (cc @neteler or @wenzeslaus). For organizations, it might be different, and I hope it isn't only possible at the org-level.

Is there any action item left?

Nope, in the security tab, sorted by newest, there isn't anything left in the open issues that concern GitHub actions https://github.com/OSGeo/grass/security/code-scanning?query=is%3Aopen+branch%3Amain+sort%3Acreated-desc

[echoix]

Oh, I misread, I cannot know what settings you have. You can send me a picture by email of the settings from the link in the PRs description if you'd like me to check