Set permissions for GitHub actions (#7984)

This limits the damage that a compromised GitHub action could do.

See https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions
https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs

.github/workflows/commit-validation.yml

@@ -1,6 +1,9 @@
 name: commit-validation
 on: [ push, pull_request ]
 
+permissions:
+  contents: read
+
 jobs:
   check-commit-msg-length:
     runs-on: ubuntu-latest

.github/workflows/format-validation.yml

@@ -26,6 +26,9 @@ on:
       - 'test/tables/planets.jats_archiving'
       - 'test/tables/students.jats_archiving'
 
+permissions:
+  contents: read
+
 jobs:
   jats:
     name: JATS

.github/workflows/lint.yml.bkp

@@ -14,6 +14,9 @@ on:
       - stack.yaml
       - .travis.yml
 
+permissions:
+  contents: read
+
 jobs:
   lint:
     name: Lint

.github/workflows/release-candidate.yml

@@ -5,6 +5,9 @@ on:
     branches:
     - 'rc/**'
 
+permissions:
+  contents: read
+
 jobs:
   linux: