Investigate removing "write + read" permissions from docs

[vincerubinetti]

It turns out I may have been misunderstanding the (imo complex) hierarchy of GitHub permissions. I think since I've specified the specific permissions I need in each workflow file, the user shouldn't have to change their repo to "write + read" in the Actions settings.

I could've sworn in past testing that even with the permissions field, you still needed "write + read" in the settings, but testing something just now with the Dashnow lab, it appears that you don't. I still want to test this thoroughly before removing it from the docs, because there's places where it could still fail. E.g. maybe it works for orgs but not regular users, or maybe it works when doing a PR from a branch but not a fork 🤷

I think the user would still need to check "allow actions to open PRs" for the on-schedule citation update.

[ShravyaRS]

Hi, I’m Shravya and I’m interested in helping with investigating the GitHub permissions described in this issue.
Could you please guide me on the best way to test these permissions or point me to the relevant documentation to get started?
Looking forward to contributing to improving the docs!