ci: set default permissions for workflows

The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions

.github/workflows/lintcommit.yml

@@ -4,6 +4,10 @@ on:
     types: [opened, synchronize, reopened, ready_for_review]
     branches:
       - 'master'
+
+permissions:
+  contents: read
+
 jobs:
   lint-commits:
     runs-on: ubuntu-latest