restrict workflow action permissions

Signed-off-by: Ramkumar Chinchani <rchincha@cisco.com>

.github/dependabot.yml

@@ -0,0 +1,11 @@
+# To get started with Dependabot version updates, you'll need to specify which
+# package ecosystems to update and where the package manifests are located.
+# Please see the documentation for all configuration options:
+# https://docs.github.com/github/administering-a-repository/configuration-options-for-dependency-updates
+
+version: 2
+updates:
+  - package-ecosystem: "" # See documentation for possible values
+    directory: "/" # Location of package manifests
+    schedule:
+      interval: "weekly"

.github/workflows/benchmark.yaml

@@ -7,6 +7,8 @@ on:
     # The branches below must be a subset of the branches above
     branches: [main]
 
+permissions: read-all
+
 jobs:
   benchmark:
     name: Performance regression check

.github/workflows/cloc.yml

@@ -9,6 +9,9 @@ on:
   release:
     types:
       - published
+
+permissions: read-all
+
 jobs:
   loc:
     name: Lines of code

.github/workflows/cluster.yaml

@@ -9,6 +9,8 @@ on:
     types:
       - published
 
+permissions: read-all
+
 jobs:
   client-tools:
     name: Stateless zot with shared reliable storage

.github/workflows/dco.yml

@@ -5,6 +5,9 @@ on:
   push:
     branches:
       - main
+
+permissions: read-all
+
 jobs:
   check:
     runs-on: ubuntu-latest

.github/workflows/license.yaml

@@ -11,6 +11,8 @@ on:
     # The branches below must be a subset of the branches above
     branches: [main]
 
+permissions: read-all
+
 jobs:
   license-check:
     runs-on: ubuntu-latest

.github/workflows/tls.yaml

@@ -7,6 +7,8 @@ on:
     # The branches below must be a subset of the branches above
     branches: [main]
 
+permissions: read-all
+
 jobs:
   tls-check:
     runs-on: ubuntu-latest