ci: set default permissions for workflows

The default workflow permissions are overly broad; setting permissions
explicitly at the workflow level ensures excessive permissions are not
unintentionally granted to jobs. For details, see:
https://docs.zizmor.sh/audits/#excessive-permissions

.github/workflows/lintcommit_dummy.yml

@@ -8,6 +8,9 @@ on:
     types: [opened, synchronize, reopened, ready_for_review]
     branches:
       - 'release-[0-9]+.[0-9]+'
+
+permissions: {}
+
 jobs:
   lint-commits:
     runs-on: ubuntu-latest