Add GitHub token permissions for workflow

GitHub asks developers to define workflow permissions,
see below for securing GitHub workflows against supply-chain attacks.
- https://github.blog/changelog/2021-04-20-github-actions-control-permissions-for-github_token/
- https://docs.github.com/en/actions/security-guides/automatic-token-authentication#modifying-the-permissions-for-the-github_token

Author: mishina2228

.github/workflows/ci.yml

@@ -4,6 +4,9 @@ on:
   - push
   - pull_request
 
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest