[GitHub] Add minimum token permissions for workflow

[varunsh-coder]

Description

This PR adds minimum token permissions for the GITHUB_TOKEN in GitHub Actions workflow using https://github.com/step-security/secure-workflows.
All GitHub Actions workflows have a GITHUB_TOKEN with write access to multiple scopes.
Here is an example of the permissions in one of the workflows:
https://github.com/tensorflow/models/runs/7824930711?check_suite_focus=true#step:1:19

After this change, the scopes will be reduced to the minimum needed for the workflow.

Motivation

• This is a security best practice, so if the GITHUB_TOKEN is compromised due to a vulnerability or compromised Action, the damage will be reduced.
• GitHub recommends defining minimum GITHUB_TOKEN permissions.
  https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token
• The Open Source Security Foundation (OpenSSF) Scorecards also treats not setting token permissions as a high-risk issue. This change will help increase the Scorecard score for this repository.

Signed-off-by: Varun Sharma varunsh@stepsecurity.io

Type of change

For a new feature or function, please create an issue first to discuss it
with us before submitting a pull request.

Note: Please delete options that are not relevant.

• Bug fix (non-breaking change which fixes an issue)
• Documentation update
• TensorFlow 2 migration
• New feature (non-breaking change which adds functionality)
• Breaking change (fix or feature that would cause existing functionality to not work as expected)
• A new research paper code implementation
• Other (Specify)

Improvement to the GitHub Actions workflow

Tests

No tests run. This is a standard configuration for workflows and does not affect rest of the code.

Test Configuration:

Checklist

• I have signed the Contributor License Agreement.
• I have read guidelines for pull request.
• My code follows the coding guidelines.
• I have performed a self code review of my own code.
• I have commented my code, particularly in hard-to-understand areas.
• I have made corresponding changes to the documentation.
• My changes generate no new warnings.
• I have added tests that prove my fix is effective or that my feature works.

[frederick0329]

Thank you!