chore: Set permissions for GitHub actions (#6936)

.github/workflows/go.yml

@@ -18,8 +18,14 @@ on:
 env:
   GOPROXY: "https://proxy.golang.org"
 
+permissions:
+  contents: read
+
 jobs:
   lint:
+    permissions:
+      contents: read  # for actions/checkout to fetch code
+      pull-requests: read  # for golangci/golangci-lint-action to fetch pull requests
     name: Lint
     runs-on: ubuntu-latest
     steps:

.github/workflows/shell.yml

@@ -4,6 +4,9 @@ on:
     branches: [ main ]
   pull_request:
 
+permissions:
+  contents: read
+
 jobs:
   shellcheck:
     name: Shellcheck