[Backport 2.x] build: harden worfklows permissions (#4587)

[mch2]

Signed-off-by: sashashura aleksandrosansan@gmail.com

Signed-off-by: sashashura aleksandrosansan@gmail.com
(cherry picked from commit d266a73)

Description

This is a backport of #4587 to 2.x

Issues Resolved

N/A

Check List

• New functionality includes testing.
  • All tests pass
• New functionality has been documented.
  • New functionality has javadoc added
• Commits are signed per the DCO using --signoff
• Commit changes are listed out in CHANGELOG.md file (See: Changelog)

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.
For more information on following Developer Certificate of Origin and signing off your commits, please check here.

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: FAILURE ❌
• URL: https://build.ci.opensearch.org/job/gradle-check/10245/
• CommitID: b6c26ef
  Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green.
  Is the failure a flaky test unrelated to your change?

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: TIMEOUT ❌
• URL: https://build.ci.opensearch.org/job/gradle-check/10247/
• CommitID: df47f8a
  Please examine the workflow log, locate, and copy-paste the failure(s) below, then iterate to green.
  Is the failure a flaky test unrelated to your change?

[andrross]

Build-related stuff can stay out of the CHANGELOG so let's nix this. We can also remove the line from the 3.0 section of the CHANGELOG on the main branch.

[mch2]

Removed.

[mch2]

#6098

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: SUCCESS ✅
• URL: https://build.ci.opensearch.org/job/gradle-check/10251/
• CommitID: df47f8a

[codecov-commenter]

Codecov Report

Merging #6097 (df47f8a) into 2.x (3875366) will increase coverage by 0.10%.
The diff coverage is 56.52%.

❗ Current head df47f8a differs from pull request most recent head 6f84274. Consider uploading reports for the commit 6f84274 to get more accurate results

📣 This organization is not using Codecov’s GitHub App Integration. We recommend you install it so Codecov can continue to function properly for your repositories. Learn more

@@             Coverage Diff              @@
##                2.x    #6097      +/-   ##
============================================
+ Coverage     70.49%   70.59%   +0.10%     
- Complexity    59011    59048      +37     
============================================
  Files          4770     4771       +1     
  Lines        282712   282733      +21     
  Branches      41175    41179       +4     
============================================
+ Hits         199302   199605     +303     
+ Misses        66761    66461     -300     
- Partials      16649    16667      +18     

Impacted Files	Coverage Δ
...a/org/opensearch/gradle/test/DistroTestPlugin.java	0.00% <ø> (ø)
...earch/cluster/block/IndexCreateBlockException.java	0.00% <0.00%> (ø)
...rg/opensearch/common/settings/ClusterSettings.java	91.89% <ø> (ø)
...action/admin/cluster/settings/SettingsUpdater.java	91.17% <20.00%> (-5.65%)	⬇️
...va/org/opensearch/cluster/block/ClusterBlocks.java	83.83% <33.33%> (-0.78%)	⬇️
.../main/java/org/opensearch/OpenSearchException.java	93.31% <100.00%> (+0.01%)	⬆️
...min/indices/create/TransportCreateIndexAction.java	96.15% <100.00%> (+0.69%)	⬆️
...rg/opensearch/cluster/block/ClusterBlockLevel.java	100.00% <100.00%> (ø)
...java/org/opensearch/cluster/metadata/Metadata.java	87.23% <100.00%> (+0.42%)	⬆️
.../java/org/opensearch/node/NodeClosedException.java	50.00% <0.00%> (-50.00%)	⬇️
... and 486 more

Help us with your feedback. Take ten seconds to tell us how you rate us. Have a feature suggestion? Share it here.

[github-actions]

Gradle Check (Jenkins) Run Completed with:

• RESULT: SUCCESS ✅
• URL: https://build.ci.opensearch.org/job/gradle-check/10256/
• CommitID: 6f84274