build: harden ci.yml permissions (#2252)

Signed-off-by: Alex <[email protected]>

Signed-off-by: Alex <[email protected]>

Author: sashashura

.github/workflows/ci.yml

@@ -10,8 +10,15 @@ on:
       - main
       - master
 
+permissions:
+  contents: read #  to fetch code (actions/checkout)
+
 jobs:
   Tests:
+    permissions:
+      contents: read #  to fetch code (actions/checkout)
+      checks: write #  to create new checks (coverallsapp/github-action)
+
     runs-on: ubuntu-latest
     strategy:
       matrix: