Fix code scanning alert: Workflow does not contain permissions

[mbrt]

Potential fix for https://github.com/mbrt/gmailctl/security/code-scanning/6

To address the issue, add a permissions block at the root of the workflow, defining the minimal set of permissions required. In this workflow’s case, since you are pushing commits and tags, you need contents: write. No other category appears required (the workflow does not interact with issues, pull requests, or packages). The safest/best fix is to add:

permissions:
  contents: write

directly under the workflow name (line 3), before the on: block. This ensures the job will only have write permissions to repository contents, matching its actual requirements and adhering to least privilege.

Suggested fixes powered by Copilot Autofix. Review carefully before merging.

[codecov]

Codecov Report

✅ All modified and coverable lines are covered by tests.
✅ Project coverage is 37.49%. Comparing base (84c97f2) to head (a353e3e).
⚠️ Report is 1 commits behind head on master.

Additional details and impacted files

@@           Coverage Diff           @@
##           master     #439   +/-   ##
=======================================
  Coverage   37.49%   37.49%           
=======================================
  Files          54       54           
  Lines        3646     3646           
=======================================
  Hits         1367     1367           
  Misses       2192     2192           
  Partials       87       87           

☔ View full report in Codecov by Sentry.
📢 Have feedback on the report? Share it here.

🚀 New features to boost your workflow:

• ❄️ Test Analytics: Detect flaky tests, report on failures, and find test suite problems.