include permissions on all GitHub Actions workflows

Author: penDerGraft

Diff for: .github/workflows/add-to-project.yml

@@ -1,4 +1,7 @@
 name: Add issues to API team project
+permissions:
+  issues: write
+  contents: read
 
 on:
   issues:
@@ -13,4 +16,4 @@ jobs:
       - uses: actions/add-to-project@main
         with:
           project-url: https://github.com/orgs/github/projects/8014
-          github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}
+          github-token: ${{ secrets.ADD_TO_PROJECT_TOKEN }}

Diff for: .github/workflows/check-for-spammy-issues.yml

@@ -1,5 +1,8 @@
 name: Check for Spammy Issues
-
+permissions:
+  issues: write
+  pull-requests: write
+  contents: read
 # **What it does**: This action closes low value pull requests in the open-source repository.
 # **Why we have it**: We get lots of spam in the open-source repository.
 # **Who does it impact**: Open-source contributors.

Diff for: .github/workflows/copy-documentation-issue.yml

@@ -1,11 +1,13 @@
 # When the `documentation` label is added for documentation issues,
-# this workflow copies the issue to the API team repo which can then 
-# be transferred to the feature team that owns the problem endpoint 
+# this workflow copies the issue to the API team repo which can then
+# be transferred to the feature team that owns the problem endpoint
 # so they can resolve the documentation problem
 # (we do not transfer the original issue so that the issue does not disappear for the contributor)
 
 name: Copy documentation issue
-
+permissions:
+  issues: write
+  contents: read
 on:
   issues:
     types:

Diff for: .github/workflows/copy-feature-issue.yml

@@ -1,4 +1,7 @@
 name: Copy feature issue
+permissions:
+  issues: write
+  contents: read
 
 on:
   issues:

Diff for: .github/workflows/linter.yml

@@ -1,5 +1,7 @@
 ---
 name: Lint OpenAPI Descriptions
+permissions:
+  contents: read
 
 on:
   - push

Diff for: .github/workflows/release-notifier.yml

@@ -1,4 +1,5 @@
 name: Release Notifier
+permissions: {}
 on:
   release:
     types:

Diff for: .github/workflows/release.yml

@@ -5,7 +5,9 @@ on:
     - 'v*' # Push events to matching v*, i.e. v1.0, v20.15.10
 
 name: Release and Upload Assets
-
+permissions:
+    contents: write
+    
 jobs:
   build:
     name: Release and Upload Assets
@@ -32,7 +34,7 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
         with:
-          upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps 
+          upload_url: ${{ steps.create_release.outputs.upload_url }} # This pulls from the CREATE RELEASE step above, referencing it's ID to get its outputs object, which include a `upload_url`. See this blog post for more info: https://jasonet.co/posts/new-features-of-github-actions/#passing-data-to-future-steps
           asset_path: ./descriptions.zip
           asset_name: descriptions.zip
           asset_content_type: application/zip