build: add top-level token permissions for workflows

[timothyklee]

Why the changes in this PR are needed?

This continues the effort in #6938 to improve the OpenSSF Scorecard score by adding top-level token permissions to all workflows. The guideline for token permissions is here, but essentially consists of:

Set top-level permissions as read-all or contents: read as described in GitHub's documentation.
Set any required write permissions at the job-level. Only set the permissions required for that job; do not set permissions: write-all at the job level.

The most impact would be from ensure all workflows have top level permissions, as the scoring metric assigns a 0 even if one workflow is lacking a top-level permission.

What are the changes in this PR?

Add top level permissions where missing and include write permissions at the job level where needed.

Part of #6938

Notes to assist PR review:

None

Further comments:

None

[netlify]

✅ Deploy Preview for openpolicyagent ready!

Name	Link
🔨 Latest commit	c3e8a51
🔍 Latest deploy log	https://app.netlify.com/projects/openpolicyagent/deploys/6881fe9a8082170008e6bf8a
😎 Deploy Preview	https://deploy-preview-7795--openpolicyagent.netlify.app
📱 Preview on mobile	Toggle QR Code... Use your smartphone camera to open QR code link.

---

To edit notification comments on pull requests, go to your Netlify project configuration.

[johanfylling]

Thanks! 👍