[ci] Apply recommendations for security and reliability #24 (#96)

Apply recommendations in code and documentation

- [CI] restrict permissions to read-all instead of the default write-all

Author: sebsto

.github/workflows/pull_request.yml

@@ -4,6 +4,9 @@ on:
   pull_request:
     types: [opened, reopened, synchronize]
 
+# As per Checkov CKV2_GHA_1
+permissions: read-all
+
 jobs:
   soundness:
     name: Soundness